Automatic Detection and Analysis of the “Game Hack” Scam
DOI:
https://doi.org/10.13052/jwe1540-9589.1881Keywords:
Game scam, scam analysis, fraud detection, cyberattackAbstract
The “Game Hack” Scam (GHS) is a mostly unreported cyberattack in which attackers attempt to convince victims that they will be provided with free, unlimited “resources” or other advantages for their favorite game. The endgame of the scammers ranges from monetizing for themselves the victims time and resources by having them click through endless “surveys”, filing out “market research” forms, etc., to collecting personal information, getting the victims to subscribe to questionable services, up to installing questionable executable files on their machines. Other scams such as the “Technical Support Scam”, the “Survey Scam”, and the “Romance Scam” have been analyzed before but to the best of our knowledge, GHS has not been well studied so far and is indeed mostly unknown. In this paper, our aim is to investigate and gain more knowledge on this type of scam by following a data-driven approach; we formulate GHS-related search queries, and used multiple search engines to collect data about the websites to which GHS victims are directed when they search online for various game hacks and tricks. We analyze the collected data to provide new insight into GHS and research the extent of this scam. We show that despite its low profile, the click traffic generated by the scam is in the hundreds of millions. We also show that GHS attackers use social media, streaming sites, blogs, and even unrelated sites such as change.org or jeuxvideo.com to carry out their attacks and reach a large number of victims. Our data collection spans a year; in that time, we uncovered 65,905 different GHS URLs, mapped onto over 5,900 unique domains.We were able to link attacks to attackers and found that they routinely target a vast array of games. Furthermore, we find that GHS instances are on the rise, and so is the number of victims. Our low-end estimation is that these attacks have been clicked at least 150 million times in the last five years. Finally, in keeping with similar large-scale scam studies, we find that the current public blacklists are inadequate and suggest that our method is more effective at detecting these attacks.
Downloads
References
List: The two-letter country code/country abbreviation. bit.ly/2ROvg8N,
Daniel Arp, Spreitzenbarth Michael, Hubner Malte, Gascon Hugo,
Rieck Konrad, and Siemens C. E. R. T. Drebin: Effective and explainable
detection of android malware in your pocket. Ndss, 14:23–26,
A. M. Aswini and P. Vinod. Droid permission miner: Mining prominent
permissions for android malware analysis. In The Fifth International
Conference on the Applications of Digital Information and Web
Technologies (ICADIWT 2014), pages 81–86, Feb. 2014.
Emad Badawi, Guy-Vincent Jourdan, Gregor Bochmann, Iosif-Viorel
Onut, and Jason Flood. The “game hack” scam. In International
Conference on Web Engineering, pages 280–295. Springer, 2019.
Morvareed Bidgoli and Jens Grossklags. “hello. this is the irs calling.”:
A case study on scams, extortion, impersonation, and phone spoofing.
In Electronic Crime Research (eCrime), 2017 APWG Symposium on,
pages 57–69. IEEE, 2017.
Tom Buchanan and Monica T. Whitty. The online dating romance scam:
causes and consequences of victimhood. Psychology, Crime & Law,
(3):261–283, 2014.
Carolyn Budd and Jessica Anderson. Consumer Fraud in Australasia:
Results of the Australasian Consumer Fraud Taskforce Online Australia
Surveys 2008 and 2009. Australian Institute of Criminology, 2011.
Compute Canada. Research portal home – compute canada. https://ww
w.computecanada.ca/research-portal/, 2019.
Oscar Celestino. Survey scams aimed at social networking netizens. bit.
ly/2Jr9UXK, 2012.
JasonW. Clark and Damon McCoy. There are no free ipads: An analysis
of survey scams as a business. In Presented as part of the 6th USENIX
Workshop on Large-Scale Exploits and Emergent Threats, Washington,
D.C., 2013. USENIX.
Cassandra Cross, Kelly Richards, and Russell G. Smith. The reporting
experiences and support needs of victims of online fraud. Trends and
Issues in Crime and Criminal Justice, 518:1–14, 2016.
Qian Cui, Guy-Vincent Jourdan, Gregor V. Bochmann, Russell Couturier,
and Iosif-Viorel Onut. Tracking phishing attacks over time.
In International World Wide Web Conferences Steering Committee,
pages 667–676, 2017.
Nishant Doshi. Survey scammers moving to pinterest. symc.ly/2SwIfb
Z, 2012.
F. Idrees and M. Rajarajan. Investigating the android intents and
permissions for malware detection. In 2014 IEEE 10th International
Conference on Wireless and Mobile Computing, Networking and Communications
(WiMob), pages 354–358, Oct. 2014.
L. Jing. Mobile internet malicious application detection method based
on support vector machine. In 2017 International Conference on Smart
Grid and Electrical Automation (ICSGEA), pages 260–263, May 2017.
Daniel Jurafsky and James H. Martin. Markov assumption. stanford.io/
zsjAy, 2014.
Daniel Kaszor. How free-to-play games make money. bit.ly/2QgHpPc,
Kate Kershner. How do free-to-play games make money? bit.ly/2yN3h
uU, 2018.
Amin Kharraz, William Robertson, and Engin Kirda. Surveylance:
Automatically detecting online survey scams. In 2018 IEEE Symposium
on Security and Privacy (SP), pages 70–86. IEEE, 2018.
Christian Kopp, James Sillitoe, Iqbal Gondal, and Robert Layton. THE
ONLINE ROMANCE SCAM: A COMPLEX TWO-LAYER SCAM.
Journal of Psychological & Educational Research, 24(2):144–161,
Mike Laanela. Canada’s top 10 scams earned crooks $1.2 b last year,
say bbb j cbc news. bit.ly/2P6r2IC, 2016.
Sophie Le Page, Guy-Vincent Jourdan, Gregor V. Bochmann, Jason
Flood, and Iosif-Viorel Onut. Using url shorteners to compare phishing
and malware attacks. In In APWG Symposium on Electronic Crime
Research (eCrime), pages 1–13. IEEE, 2018.
Manzhi Yang and QiaoYanWen. Detecting android malware with intensive
feature engineering. In 2016 7th IEEE International Conference on
Software Engineering and Service Science (ICSESS), pages 157–161,
Aug. 2016.
Najmeh Miramirkhani, Oleksii Starov, and Nick Nikiforakis. Dial one
for scam: A large-scale analysis of technical support scams. arXiv
preprint arXiv:1607.06891, 2016.
Satnam Narang. Instascam: Instagram for pc leads to survey scam. sy
mc.ly/2ESLmbC, 2013.
Online. Dns-bh malware domains. http://www.malwaredomains.com/,
Online. hphosts online, simple, searchable & free. https://hosts-file.net/,
Online. Malcode database. http://malc0de.com/database/, 2017.
Online. Mdl: Malware domain list. https://www.malwaredomainlist.co
m/, 2017.
Online. Sans: Suspicious domains. bit.ly/2FNCzHv, 2017.
Online. The swiss security blog. bit.ly/2EE7HK1, 2017.
Online. Avast download free antivirus for pc, mac and android. https:
//bit.ly/2XaviWv, 2018.
Online. Avg 2019 free antivirus, vpn and tuneup for all your devices.
https://bit.ly/2RKgsVE, 2018.
Online. Beautifulsoup. https://pypi.org/project/beautifulsoup4/, 2018.
Online. Beware of music g8 at musicg8.com – it is a fraudulent website.
http://bit.ly/2XDi4pG, 2018.
Online. Bitdefender antivirus – discover the complete security solution.
https://bit.ly/2NmsXs2, 2018.
Online. Chromedriver – webdriver for chrome. bit.ly/2CMwVBG, 2018.
Online. Google safe browsing api. https://goo.gl/4yAFyQ, 2018.
Online. Kaspersky lab antivirus protection and internet security software.
https://bit.ly/3038R7H, 2018.
Online. Selenium with python, selenium python bindings. bit.ly/2LNld
Jn, 2018.
Online. Virustotal. https://www.virustotal.com/, 2018.
Online. Country codes, phone codes, dialing codes, telephone codes, iso
country codes. https://countrycode.org/, 2019.
Online. Google trends. https://trends.google.com/trends/?geo=US,
Orla. Technical support phone scam. symc.ly/2OdDyR3, 2010.
Stelian Pilici. How to remove “2017 annual visitor survey” adware
(virus help guide). bit.ly/2yGeLjU, 2017.
Stelian Pilici. How to remove “chrome opinion survey” pop-ups (survey
scam). bit.ly/2ziF5A6, 2018.
Sampsa Rauti and Ville Leppänen. “you have a potential hacker’s infection”:
A study on technical support scams. In 2017 IEEE International
Conference on Computer and Information Technology (CIT), pages
–203. IEEE, 2017.
Merve Sahin, Marc Relieu, and Aurélien Francillon. Using chatbots
against voice spam: Analyzing lenny’s effectiveness. In Thirteenth Symposium
on Usable Privacy and Security (SOUPS 2017), pages 319–337,
Santa Clara, CA, 2017. USENIX Association.
Bharat Srinivasan, Athanasios Kountouras, Najmeh Miramirkhani,
Monjur Alam, Nick Nikiforakis, Manos Antonakakis, and Mustaque
Ahamad. Exposing search and advertisement abuse tactics and infrastructure
of technical support scammers. In Proceedings of the 2018
World Wide Web Conference on World Wide Web, pages 319–328.
International World Wide Web Conferences Steering Committee, 2018.
P. Tiwari, G. Tere, and P. Singh. Malware detection in android application
by rigorous analysis of decompiled source code. In 2016
International Conference on Computing Communication Control and
Automation (ICCUBEA), pages 1–6, Aug. 2016.
Vanessa. Detailed information about 888.980.9787 or 888.980.9787
phone number in free number 888 free 8xx us. bit.ly/2RMmbxv, 2018.
Monica T. Whitty. Anatomy of the online dating romance scam. Security
Journal, 28(4):443–455, 2015.
Monica T. Whitty and Tom Buchanan. The online romance scam: A serious
cybercrime. CyberPsychology, Behavior, and Social Networking,
(3):181–183, 2012.
CandidWueest. Fast-flux facebook application scams. symc.ly/2ADviG
F, 2011.
Zhongyuan Qin, Yuqing Xu, Yuxing Di, Qunfang Zhang, and Jie Huang.
Android malware detection based on permission and behavior analysis.
In International Conference on Cyberspace Technology (CCT 2014),
pages 1–4, Nov. 2014.
