Heaptalk, Jakarta — Kaspersky reported that young gamers are increasingly becoming targets of cybercriminals. These threats are disguised as popular children’s video games.
Between July 1, 2023, and June 30, 2024, the cybersecurity company recorded over 6.6 million attempted attacks in which cybercriminals exploited children’s game brands as bait. Between the 18 games selected for this research, most of the attacks were related to Minecraft, Roblox, and Among Us.
According to Kaspersky’s statistics, over 3 million attack attempts disguised as Minecraft were launched during the reported period. Cybercriminals likely chose this method of attack due to the game’s popularity among players and the possibility for gamers to use cheats and mods. Since most mods and cheats are distributed on third-party websites, attackers hide malware by posing as these applications.
Need for cyber hygiene education
Vasily M. Kolesnikov, a security expert at Kaspersky, revealed that attacks targeting children are becoming a common vector of cybercriminal activity. Cyber hygiene education and using trusted cybersecurity tools are essential in ensuring children’s safety online. “By fostering critical thinking, responsible online behavior, and a strong understanding of security risks, we can create a safer and more positive online experience for this generation of digital natives,” Vasily said.
On the other hand, cybercriminals are increasingly using AI to automate and personalize phishing attacks that are more likely to attract young gamers. At the same time, new advanced phishing tools—pre-built phishing page templates—created with automated tools continue to appear on the dark web. These methods allow more attackers to deploy the most effective phishing sites that mimic popular gaming platforms.
One of the most common scams in gaming involves offers to receive new skins for player characters—essentially clothing or armor that enhances a hero’s skills. Some skins are standard, while others are scarce and more desirable.
Tapping on YouTuber Mr. Beast
Kaspersky experts have found examples of scams using the popular game Valorant and the famous YouTuber Mr. Beast. By choosing this blogger and using his image, scammers aim to attract children’s attention and lure them into the scam. To obtain the desired Mr. Beast skin, these young gamers are asked to enter their game account login and password, potentially allowing the scammers to steal their credentials.
Another popular trap is the offer to receive in-game currency. Users were asked to enter their game account username in one scam exploiting the Pokémon Go brand. They were then prompted to complete a survey to prove they were not bots.
After completing the survey, they were redirected to a fake website, often promising rewards or free giveaways. This is where the scam truly begins. The scammers aren’t necessarily after personal data like credit card details; they use the game’s guise to lure users into other deceptions—such as fake downloads, prize claims, or other fraudulent offers. This process cleverly steers users into more dangerous scams disguised as legitimate verification steps.
