News hardware & software 14 March 2022, 14:39

author: Dawid Wanat

Valorant Cheats Will Steal Your Passwords

Security analysts have detected a password-stealing program in cheats for Valorant. Scammers exploit players willing to cheat in games by hiding malware in the downloaded file.

Korean security analysts have detected malware in Valorant cheats distributed through YouTube. The creators of such videos easily bypass the site's control measures and persuade players to download the information-stealing program.

Data stealing

Korean analysts from ASEC have detected malware contained in cheats for Valorant. The aiming assistance app is available through YouTube.

Users who download the file linked in the video's description are redirected to an anonfiles page with a RAR archive containing the file "Cheat installer.exe". The file actually leads to RedLine Stealer, software designed to steal passwords.

A video promoting "free" cheats. Source: www.asec.ahnlab.com

RedLine Stealer steals the following data:

  1. Basic information: Computer name, user name, IP address, Windows version, computer information (CPU, GPU, RAM, etc.), and process list.
  2. Web Browsers: Passwords, credit card numbers, AutoFill forms, bookmarks and cookies from Chrome, Chrome-based browsers, and Firefox.
  3. Cryptocurrency wallets: Armory, AtomicWallet, BitcoinCore, Bytecoin, DashCore, Electrum, Ethereum, LitecoinCore, Monero, Exodus, Zcash, and Jaxx.
  4. VPN Client: ProtonVPN, OpenVPN and NordVPN.
  5. Other: FileZilla (host address, port number, username and passwords), Minecraft (account details), Steam (client session), Discord (token information).

After collecting this information, RedLine packs it into ZIP archives and sends it to a Discord server using a WebHook API POST request.
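The upload step described above leaves a trace that defenders can look for in egress logs. The following is an added example, not code from ASEC's report or the original article: it flags POST requests to Discord webhook endpoints made by processes not expected to use Discord. The log schema, process allow-list and size threshold are assumptions, and the sample events are constructed.

```python
import json
import re
from urllib.parse import urlsplit

# Discord webhook endpoint: /api/webhooks/<id>/<token>, optionally versioned (/api/v10/...).
WEBHOOK_PATH = re.compile(r"^/api/(?:v\d+/)?webhooks/\d+/[\w-]+")
DISCORD_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
EXPECTED_PROCESSES = {"discord.exe"}   # assumption: tune per environment
MIN_UPLOAD_BYTES = 10_000              # assumption: archive uploads exceed chat-sized posts

# Constructed sample events; the JSON field names are a hypothetical proxy/EDR schema.
SAMPLE_LOG = [
    '{"host":"pc-01","process":"Cheat installer.exe","method":"POST","url":"https://discord.com/api/webhooks/000000000000000000/EXAMPLE-TOKEN","content_type":"multipart/form-data; boundary=x","bytes_out":248113}',
    '{"host":"pc-02","process":"chrome.exe","method":"GET","url":"https://discord.com/channels/@me","content_type":"","bytes_out":0}',
    '{"host":"pc-03","process":"Discord.exe","method":"POST","url":"https://discord.com/api/v9/channels/1/messages","content_type":"application/json","bytes_out":212}',
    '{"host":"ci-01","process":"python.exe","method":"POST","url":"https://discordapp.com/api/v10/webhooks/000000000000000001/EXAMPLE-TOKEN","content_type":"application/json","bytes_out":340}',
]

def is_webhook_post(event):
    """True for an HTTP POST to a Discord webhook endpoint."""
    url = urlsplit(event.get("url", ""))
    return (event.get("method", "").upper() == "POST"
            and (url.hostname or "").lower() in DISCORD_HOSTS
            and WEBHOOK_PATH.match(url.path) is not None)

def detect(log_lines):
    """Return one alert per webhook POST made by a process not expected to use Discord."""
    alerts = []
    for line in log_lines:
        event = json.loads(line)
        if not is_webhook_post(event):
            continue
        if event.get("process", "").lower() in EXPECTED_PROCESSES:
            continue
        # A multipart body of archive size matches the ZIP upload described above.
        file_upload = ("multipart/form-data" in event.get("content_type", "").lower()
                       and event.get("bytes_out", 0) >= MIN_UPLOAD_BYTES)
        alerts.append({"host": event.get("host"), "process": event.get("process"),
                       "severity": "high" if file_upload else "medium"})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Medium-severity hits are often legitimate notification scripts, so they are worth allow-listing by host or process rather than ignoring the endpoint altogether.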

Do not trust links from YouTube

Cheating in video games, apart from taking the fun out of the game and spoiling the gameplay for others, is also a security risk.

Tools of this type are not created by trustworthy entities and do not have a digital signature, so in most cases they carry unwanted software. ASEC's report is just a drop in the ocean of such malicious practices preying on people's ignorance.