Cheating in online video games is nothing new — it’s been an almost permanent fixture of the scene for years. Despite consistent anti-cheat efforts, new hacks continue to crop up for popular games all the time. It’s an arms race, much in the same way security researchers and malware authors battle against each other on a regular basis. Dabbling in these hacks has always been risky business; after all, how can you trust the author to provide the cheat you want, without some nasty extras packaged inside?
The reality is that you can’t. According to new research, the appearance of a new and functional hack for the Mac version of the popular first-person shooter Counter-Strike: Global Offensive (also known as CSGO) proves that very clearly. In the wild since early July of this year, this fully functional hack not only evades the game’s anti-cheat detection at present but also allows the user to modify crucial aspects of the game to gain an unbeatable advantage over opponents. While there is a private version of the hack for sale, many users are no doubt encountering it through a download that is currently freely available.
Mac users who download the cheat get much more than they bargained for, however, as a sneaky Trojan horse hides inside its code. During the installation process, the cheat software also downloads additional droppers to place a cryptocurrency mining program (similar to those used for generating Bitcoin) on the user’s Mac. After the malware loads and phones home to its command and control (C&C) server, it checks to see if your Mac meets the right requirements to proceed.
If it does, your Mac will kick into overdrive to run the calculations necessary to generate cryptocurrency coins for the hack authors — in this case, a currency known as Monero. Meanwhile, the malware continually polls its C&C server to determine what it should do next. If it receives a command to stop mining, the malware will temporarily go dormant until it phones in again to make another check.
With this method, the authors can avoid arousing too much suspicion through slow system performance. It’s not known whether the “private” version exploits users in the same way, but it should go without saying that users should steer very clear of these types of downloads. Not only do users risk a ban in the game, but they’re also putting their Macs at risk. While a cryptocurrency miner is far from the most damaging malware a cheat program could drop onto your machine, it shows this is currently a viable attack against Macs. Remember to watch what you download!