Malicious users are usually only interested in the victim’s username and password, but they are not interested in the server address used by the player. The malicious user knows which server the victim is playing on and is probably playing the same. This applies to both bandarqq thieves making money on illegal and official servers. However, the likelihood that items of players using illegal servers will be stolen by thieves is much greater.
Social engineering
The cybercriminal who places such an offer is not as naive as it might seem at first. Players who are looking for ways to facilitate the game and respond to such offers are gullible. The malicious user achieves his goal (acquires passwords), leaving his victims with nothing.
Another known method of social engineering is phishing, which consists of cybercriminals sending phishing messages allegedly from server administrators and containing a request for account authorization and a link to a page through which this can be done. Below is an example of using such tactics. After translation, the message reads as follows:
Hello,
You received this message because you are a registered user on our server (www.Lineage2.su) Please confirm the use of our server by going through the authorization process here:
The exploitation of vulnerabilities in-game servers
A game server is a set of system services, programs, and databases that support a game. As with all other software, the server code contains programmer errors. Such potential bandarqq vulnerabilities can be used by cybercriminals to gain access to server databases and to collect player passwords or password hashes (encrypted passwords that can be decrypted using specialized programs).
For example, there is a known vulnerability associated with in-game chat. If the chat environment is not isolated from the game database and the special symbols/commands are not checked, a malicious user can access the player’s databases directly from the player’s chat, manually or using a specialized tool. The number of vulnerabilities that a malicious user can use to access the server’s internal database depends on the server. Creating special patches for vulnerabilities in illegal servers is a time-consuming process, much more than in the case of official servers.
Another way to get passwords is to use the mechanism used to remind users of forgotten passwords. Cyber criminals send crafted requests to the system (or simply use a brute force approach to break the password by trying all possible combinations), then change the victim’s password and enter the game using a new password that the user naturally does not know.
