A new cryptojacking scam masquerading as a video game garnered 6,000 downloads before being removed from the popular cloud-based platform on which it was hosted.

The game, called “Abstractism,” appeared on gaming distribution platform Steam after parent company Valve adopted an “anything goes policy” for its digital store, Fortune reported in July 2018. According to Motherboard, the game was originally released in March 2018 by developer Okalo Union and publisher dead.team as a “trivial platformer,” which has players move blocks in a 2D space to the sound of soothing music.

Despite the game’s minimalist graphics and lightweight concept, users began noticing device performance issues and discovered that the program was conducting significant amounts of network communication. The developers also encouraged users to leave the game running in the background for a chance to obtain rare items. Although patch notes expressly stated that the game was not crypto-mining malware, mounting evidence to the contrary forced Steam to remove it on July 30.

Gaming Platforms Are Not All Fun and Games

The threat posed by cryptojacking scams such as Abstractism is particularly concerning for security professionals because many companies are hiring gamers to help close the IT skills gap — meaning there’s a greater chance that this type of malware could compromise business networks.

Although the game does trigger Windows Defender and antivirus alerts, its lightweight nature makes it easy to overlook these red flags — even as it hogs both central processing unit (CPU) and graphics processing unit (GPU) resources. It doesn’t take much for malware makers to create crypto-mining code — in fact, the smaller, the better.

Steam’s move to an open marketplace is also worrisome, and not just because companies will suddenly be inundated with thousands of “Abstractism” copies. With cloud-based marketplaces no longer attempting to control every piece of software they offer, the responsibility for overseeing games, productivity tools and open-source offerings has shifted to corporate IT teams.

How to Minimize the Threat of Cryptojacking

To avoid costly losses due to cryptojacking games and other malicious apps, IBM Security experts recommend implementing advanced security information and event management (SIEM) and behavioral analytics tools to detect high CPU and GPU usage.

Security experts also suggest using a managed cloud access security broker (CASB) to help mitigate the impact of shadow IT — which, in this case, could include crypto-mining games downloaded onto business devices and any other cloud-based apps that aren’t approved by IT teams.

Sources: Fortune, Motherboard

More from

Did Brazil DSL Modem Attacks Change Device Security?

From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers. According to a report from Kaspersky Lab Expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack ultimately…

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

Securing Your SAP Environments: Going Beyond Access Control

Many large businesses run SAP to manage their business operations and their customer relations. Security has become an increasingly critical priority due to the ongoing digitalization of society and the new opportunities that attackers exploit to achieve a system breach. Recent attacks related to corrupt data, stealing personal information and escalating privileges for remote code execution all highlight the new and varied entry points threat actors have taken advantage of. Attackers with the appropriate skills could be able to exploit…