Official Releases of League of Legends, FIFA Online Infected with Malware

Cybercriminals packaged malicious code into legitimate online games. Path of Exile also was poisoned.

The tainted games appeared to target users located in Asia.

Once a player downloads the legit game or an update for the game, the criminal activity begins. The game launcher drops in a type of malware called “PlugX.”

PlugX allows unauthorized users to steal data remotely. This variant of PlugX creates its own autostart service rather than relying on the legitimate app’s service.

The compromised games were traced back to Garena, a consumer Internet platform provider in Asia. Garena has partnerships with developers including Riot Games, S2 Games, and Electronic Arts.

In an official post, Garena stated that “computers and patch servers were infected with Trojans [remote access malware]. As a result, all the installation files distributed for the games League of Legends and Path of Exile are infected.”

Further investigation by Trend Micro found that FIFA Online 3, another Garena release, also was compromised.

It seems that only the Taiwanese versions of the LoL and PoE installers were compromised. FIFA Online 3 victims are mostly from Singapore, as the download link is hosted in the same country. Trend Micro also has seen victims from other Asian countries such as Thailand, Malaysia, and Hong Kong.