A Chinese hacking ring, which has been active for four years, has been stealing data from players of more than 30 massively multiplayer online (MMO) role-playing games.
That's according to research by security software vendor Kaspersky Lab which reveals that at least 35 game developers and publishers have been affected by a collective of hackers they've dubbed "Winnti'. The organisation has infiltrated online servers of a number of MMOs, mostly those from South East Asia, but also the US, Germany, Japan, China, Russia, Brazil, Peru, and Belarus-based games have also come under attack over the past four years.
Further reading
Hackers raid World of Warcraft game servers Runescape: A big data case study H4cked Off: Valve's Team Fortress 2 freebies are good news for Linux
Kaspersky's research shows evidence that the Chinese hackers attempted to steal proprietary software code in order to develop pirated versions of the MMOs or to steal in-game currency. The in-game currency can be sold on to other players for real money.
"Having infected gaming companies that do business in MMOs, the attackers potentially get access to millions of users," the researchers wrote, adding that the practice puts game users at risk.
"So far we don't have data that the attackers stole from common users, but we do have at least two incidents when Winnti malware had been planted on an online game update server and [this] malicious executable was spread among large number of the game fans.
"The samples we have observed seemed not to be malware targeted for the game fans, but a malware module that accidentally got into [the] wrong place. [The] potential of attackers to misuse such access to infect hundreds of millions of Internet users creates a great risk."
Games companies affected by the Winnti hacks include Trion Worlds, the developer of Rift and the recently released MMO Defiance, and NCsoft, publisher of popular MMO Guild Wars 2.
Earlier this year, Kaspersky's rival AVG Technologies warned that children as young as 11 are developing their own malicious code to steal personal data from online games.
"We believe these junior programmers are motivated mainly by the thrill of outwitting their peers, rather than financial gain, but it is nevertheless a disturbing and increasing trend," said Yuval Ben-Itzhak, chief technology officer at AVG Technologies.
"It is also logical to assume that at least some of those responsible will be tempted to experiment with much more serious cyber crimes."
