A hacking group has been targeting game companies for years in order to steal source code, an antivirus report has found.
The report, by Kaspersky Lab, has found that a China-based group known as Winnti has been stealing source code and legitimate digital certificates for software using a trojan.
The antivirus maker investigated an infection at an unnamed game company and found malware had been created for a particular service on the company’s server. This was one way that malicious software was being introduced to games.
This rogue can have an adverse impact on the games themselves, tilting the balance in favour of cheats.
The elements that the group has introduced to games may be unnoticeable to players, the report said.
“Members of the Winnti team are patient and cautious. Cybercriminals have affected the processes of the online games from the infected companies and stolen money from them for years, but they have found ways of doing this without attracting attention to themselves," the reports states.
The legitimate certificates have then been used by the gang to smuggle their malicious software onto targeted computers, or sold on to the black market.
The Winnti trojan horse has infected more than 30 online game companies in South East Asia and game publishers worldwide, Kaspersky senior security researcher Kurt Baumgartner told Polygon.
“It seems like the goal of the attackers is to focus on the gaming companies, steal their digital certificates and maintain their stealth,” Baumgartner explained. “We haven’t seen them going after the end user. Instead they are harvesting these digital certificates.”
Kaspersky’s report states that Winnti was first detected in autumn 2011 on several computers used by players of an unnamed online game. Antivirus company Symantec named the trojan ‘Winnti’ and that name was later used to identify the group behind the attacks.
Baumgartner add that one reasons why the hack group may be targeting online game companies is because those firms have digital certificates from around the world because of their global operations. Another reason may be for the collection of online game currency, which can later be sold to other players for real money.
“We’re not entirely certain why they’re focused on gaming, but it’s definitely a pattern,” he added.
The group is still believed to be active, but Kaspersky hopes its report will help other companies protect themselves from possible intrusions.