Millions of gaming-related logins have been compromised in an extensive infostealer malware campaign targeting players who use cheats and pay-to-cheat services across various gaming websites. The campaign came to light after a Discord user, ‘PainCorp,’ alerted Zebleer, the developer of Phantom Overlay cheats for games like Call of Duty and Counter-Strike, to a significant infostealer database. According to Zebleer, this is the largest infostealer malware campaign targeting gamers and cheaters in history, with the database containing credentials for several million gamers.
Discord emerged as the domain with the highest number of stolen accounts, totaling 14 million entries in the database. Although the method used to distribute the malware to such a large user base remains unconfirmed, it’s suspected that free or low-cost software advertised to Call of Duty gamers may contain the infostealer. Additionally, the cybersecurity research group vx-underground reported instances of Electrum BTC wallets compromised due to malware activity, as well as more than 40,000 valid accounts compromised on the gaming forum Elite PVPers.
Despite the significant impact on the gaming community, the validity of the compromised accounts and the presence of duplicates remain unclear. In response, Activision Blizzard is collaborating with cheat developers to mitigate the campaign’s effects and offer security guidance to affected account holders. The company emphasizes that its servers remain secure and uncompromised, advising players to change passwords and implement two-factor authentication (2FA) to safeguard their accounts. However, due to limited visibility into players’ external gaming resources, Activision Blizzard can only obtain a list of stolen credentials and mandate password resets for affected accounts.