The dark side of kids’ virtual gaming worlds

The metaverse, a virtual world where — as a digital avatar — you can visit places, shop for products, or subscribe to services, has become a media phenomenon in 2023. And while it’s a virtual gaming world where companies can build brands and engage with people, many question its safety.

In the metaverse, users are able to hide their identity behind an avatar, potentially allowing criminals to pose as 10-15-year-olds, groom children and offer face-to-face meetings in the real world. This emerging space also presents new openings for threat actors to exploit inexperienced and unaccustomed computer users for monetary gain through targeted phishing and social engineering attacks. Children and adolescents who lack cybersecurity knowledge may also become one of the main targets of such attacks.

Few people consider that children actively spend up to six hours a day participating in their own virtual online gaming metaverse. And while virtual online universes have been around for a long time, with gamers playing and chatting with friends and strangers from all around the world, the threats that potentially exist for children in the metaverse are much more prevalent here.

In this report, we analyze the latest statistics on cyberthreats targeting young gamers and provide an overview of the most widespread threats for children in virtual gaming worlds that players and their parents must be aware of.

Methodology


To assess the current landscape of gaming risks for young players, we looked at threats related to the most popular children’s PC games. Kaspersky experts used the games’ titles as keywords to determine the scale of distribution of malicious files and unwanted software related to these games, and the number of users attacked by these files. For these purposes, we examined threat statistics from Kaspersky Security Network (KSN), a system for processing anonymized cyberthreat-related data shared voluntarily by Kaspersky users, for the period between January 2021 and December 2022.

To limit the research scope, we analyzed the most popular kids’ games, based on our yearly kids’ interest report, and chose those where the average player age is between three and sixteen and that allow users to play online in a virtual world with friends and unfamiliar users. Game selections were based on the Top 13 games, game series and platforms available for download. Additionally, we evaluated phishing activity around the following titles and found numerous scam examples targeting young gamers:

  1. Minecraft
  2. Animal Crossing: New Horizons
  3. Roblox
  4. Fortnite
  5. Club Penguin
  6. Apex Legends
  7. Brawl Stars
  8. Five Nights at Freddy’s
  9. Toca Life World
  10. Overwatch 2
  11. Among Us
  12. Poppy Playtime
  13. Valorant

Key findings


  • More than 232,000 users encountered almost 40,000 malicious files spread under the guise of popular games played by children in 2022
  • Kaspersky security solutions detected more than 7 million attacks in 2022 relating to popular children’s games, resulting in a 57 percent increase in attack attempts compared to 2021
  • The most popular titles exploited by cybercriminals are Minecraft and Roblox, both in 2021 and 2022
  • The top children’s games by the number of attacked users included Poppy Playtime and Toca Life World, primarily designed for 3-8-year-old children. This shows cybercriminals are trying to attack even the youngest gamers, likely to reach their parents’ devices.
  • Kaspersky experts observed a 41 percent rise in the number of affected users downloading malicious files disguised as Brawl Stars, attacking approximately 10,000 gamers in 2022.

The most exploited children’s games in 2021-2022


From January 2022 to December 2022, 39,973 files that included malware and potentially unwanted applications were distributed using popular children’s game titles as a lure, with 232,735 users encountering these threats globally. During the same period a year earlier, in 2021, Kaspersky experts detected that 273,420 users encountered 53,010 unique files spread under the guise of games for kids.

Users attempting to download malicious or unwanted files disguised as games for children by quarter, Q1 2021 — Q4 2022


The number of malicious and unwanted files disguised as popular children's games by quarter, Q1 2021 — Q4 2022


Despite the number of affected users and distributed files decreasing slightly in 2022, cybercriminals have not abandoned this attack vector. In addition, the number of attempts in 2022 increased compared to the year before. In total, Kaspersky security solutions detected more than 7 million attacks between January 2022 and December 2022. In 2021, cybercriminals attempted 4.5 million attacks, resulting in a 57 percent increase in attack attempts in 2022.

Attempts to download malicious or unwanted files disguised as games for children, by quarter, Q1 2021 — Q4 2022


Minecraft and Roblox are among the most popular games for children and teenagers allowing them to play in virtual worlds with friends and strangers, and are the titles most exploited by cybercriminals in 2022 and 2021.

Traditionally, Minecraft has been the most targeted by cybercriminals. In 2022, more than 140,000 users encountered attacks while trying to download Minecraft-related files. In the gaming community it is common to use cheats and mods allowing you to update and customize your virtual world. This exact feature is used by fraudsters who distribute malware and unwanted applications under the guise of additional functions and mods in Minecraft.

In 2022, the top children’s games by the number of attacked users include games for the youngest children — Poppy Playtime and Toca Life World — that are designed for children aged 3-8. The number of users attacked (11,164 for Poppy Playtime and 8,155 for Toca Life World) highlights that cybercriminals do not filter their targets by age and attack even the youngest gamers, potentially with the goal of gaining access to their parents’ devices. Therefore, parents need to be especially careful about what apps their children download and whether their devices have trusted security solutions installed.

| # | Game title | Users affected |
|---|---|---|
| 1 | Minecraft | 140,515 |
| 2 | Roblox | 38,850 |
| 3 | Among Us | 27,503 |
| 4 | Poppy Playtime | 11,164 |
| 5 | Brawl Stars | 9,688 |
| 6 | Toca Life World | 8,155 |
| 7 | Fortnite | 7,524 |
| 8 | Valorant | 7,095 |
| 9 | Five Nights at Freddy’s | 683 |
| 10 | Apex Legends | 580 |

Top 10 children’s games used as a lure for distribution of malware and unwanted software by number of affected users, January 1, 2022, to December 31, 2022

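| # | Game title | Files spread |
|---|---|---|
| 1 | Minecraft | 17,779 |
| 2 | Roblox | 9,766 |
| 3 | Fortnite | 5,568 |
| 4 | Valorant | 4,987 |
| 5 | Among Us | 3,032 |
| 6 | Brawl Stars | 1,295 |
| 7 | Toca Life World | 952 |
| 8 | Poppy Playtime | 948 |
| 9 | Apex Legends | 635 |
| 10 | Overwatch 2 | 168 |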

Top 10 children’s games used as a lure for distribution of malware and unwanted software by the number of files, January 1, 2022, to December 31, 2022

Kaspersky experts also noted that in 2022, the number of attacked users and of files distributed under the guise of games increased for two specific titles — Roblox and Brawl Stars. What’s especially dangerous is that half of Roblox’s 60 million users are under the age of 13, so the majority of victims of such attacks are potentially children who lack cybersecurity knowledge. In 2022, nearly 40,000 Kaspersky users trying to download a Roblox-related file were attacked by cybercriminals, with almost 10,000 malicious files distributed — a 14 percent increase in the number of affected users, compared to 33,000 in 2021.

Users attempting to download malicious or unwanted files disguised as Roblox by quarter, Q1 2021 — Q4 2022


Brawl Stars, a multiplayer online battle arena and third-person hero shooter children’s video game that allows players around the world to fight together, has also been targeted by cybercriminals. According to Kaspersky’s telemetry, cybercriminals made approximately 410,000 attempts to attack users in 2022, distributing malicious files disguised as Brawl Stars. In total, we observed a 41 percent rise in the number of affected users, reaching almost 10,000 gamers in 2022.

Users attempting to download malicious or unwanted files disguised as Brawl Stars by quarter, Q1 2021 — Q4 2022


Analyzing the distribution of threats under the guise of popular children’s games, Kaspersky researchers discovered that downloaders accounted for an overwhelming majority (more than 6.5 million infection cases) of the software being spread. While this type of software is not malicious in itself, downloaders are often used to load other threats onto devices. Another type of software commonly spread as kids’ games is adware, which throws advertisements up on the user’s screen. Other threats distributed under the titles of popular games include various Trojans, such as Trojan-SMS and Trojan-Spy.

| # | Threat | Infection cases |
|---|---|---|
| 1 | not-a-virus:Downloader | 6,551,122 |
| 2 | not-a-virus:AdWare | 315,576 |
| 3 | Trojan | 80,881 |
| 4 | not-a-virus:RiskTool | 30,526 |
| 5 | Trojan-SMS | 21,163 |
| 6 | Trojan-Spy | 19,383 |
| 7 | Trojan-Downloader | 16,777 |
| 8 | DangerousObject | 15,017 |
| 9 | not-a-virus:WebToolbar | 13,933 |
| 10 | Trojan-PSW | 11,299 |

Top 10 threats distributed worldwide under the guise of popular children’s games January 1, 2022, to December 31, 2022

Caught on a hook: scams on children’s virtual worlds


One of the most common social engineering techniques targeting young players involves offers to generate internal game currency for free. For example, Fortnite features V-bucks, while Roblox features Robux. In-game currency has become such a popular phenomenon in virtual children’s worlds that some kids ask parents to top up Roblox accounts rather than ask for pocket money. Naturally, many young gamers want to get free V-bucks and Robux instead of asking their parents. This is the hook cybercriminals use to catch them.

The scam starts with a request to enter the username in the game and select the amount of game currency you want; this step exists only to make the fake site look legitimate. Next, cybercriminals will ask users to answer an online survey to pass “human verification”, offering, for example, an iPhone as a prize. To ‘win’, victims must pay a small commission. However, after paying, the user won’t get any further information, and is left without both prize and money.

Cybercriminals ask gamers to enter their username and choose the number of V-bucks they want to generate


To further convince users of a site’s legitimacy, they also create a separate window marked “Recent Activities”, which automatically updates and notifies visitors about “successful” currency generation transactions.

The platform with various fake reviews to make users try to “generate” Robux for free

Since most of these games are played by children, cybercriminals don’t even bother to make their deception schemes less obvious. Most likely, they hope that children and teenagers have little experience or knowledge of cybercriminal traps, and will easily fall for even the most primitive schemes. Hardcore gamers are harder to fool, and scammers go to great lengths to hook them. They create phishing sites identical to the interfaces of many popular in-game stores like CS:GO, PUBG and Warface, or even offer to sell a package of dozens or even hundreds of licensed games for less than a dollar. Learn more about how the attacks on gamers of different ages differ in a new blogpost on KDaily.

Regarding attacks on young gamers, one of the detected phishing pages asks users to enter the amount of internal currency they want in Brawl Stars and — without hiding — asks them to specify the username and password of the email linked to Supercell, the store where you can download the Brawl Stars app. The creators of the page do not indicate why young gamers need to enter the username and password for the email to get free currency. After entering this data, the user’s email account will be hacked. Having gained access to the victim’s email, attackers can request a login code for the game account and steal it by changing the password so that the victim cannot regain access.

Users are asked to enter the login information to Supercell store


In addition to generating in-game currency, young gamers are also offered boosts to their rank in games. On one of the discovered pages, users can choose which of their characters in Apex Legends they want to boost and to what rank. However, unlike the previous examples, this help is not free. Besides the data from their game account, the player will also need to pay for the boost through PayPal. It is unknown whether users will really get the boost, so gamers should always treat such offers with doubt: these are temporary sites on freshly created domains, with no official documentation, and it is not known if the offer is really legitimate.

Some doubt that children search for such services and enter their own or their parents’ bank card data. However, cybercriminals and even game developers intentionally create their applications in such a way as to encourage children to make unintended purchases within the game. For example, “Fortnite” maker Epic Games has agreed to pay a total of $520 million to settle US government allegations that it misled millions of players — including children and teens — into making numerous unintended purchases.

To boost their rank in Apex Legends, players need to choose their character and pay for the order


To convince players to use this platform to boost their rank, the creators of the page even cited the average price of such a service offered on other sites appearing in the first 10 searches on Google, and compared it to theirs, which is much lower. However, this might be just a clever marketing ploy to lure users into a trap.

The creators of this page provide data on how many dollars you can save if you use their platform to boost your rank in Apex Legends


Kaspersky also found numerous offers to download games loved by millions of children from third-party sites, rather than official stores. Along with the desired game, fans also get unwanted applications or even malware, silently collecting data from the infected device.

The users are offered to download the desired game, which in fact may turn out to be a malicious program


Besides entire apps, cybercriminals also offer downloads of popular cheats and mods for games. In addition to the download button, they also add to the phishing page a video example of how the cheat will help users in the game, for example, to move more efficiently than other players or take less damage from an attack.

The offer to download a cheat on Valorant with a video example


Unlike the previous examples, the user gets a whole manual on how to properly install the cheat. What’s particularly interesting is that there’s a separate point about the need to disable antivirus before installing the file. This may not alert young players, but it might be specially created so that malware avoids detection on the infected device. The longer the user’s antivirus is disabled, the more information might be collected from the victim’s computer. Therefore, we advise players to always have a trusted security solution on their device and to download files only from official stores.

Players are asked to turn off antivirus while downloading a suspicious file
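The page traits described in this section (a free-currency "generator", a "human verification" survey, a fake "Recent Activities" feed, a password request tied to free currency, and instructions to disable antivirus) can be combined into a simple triage heuristic for a web filter or parental-control tool. This is an added example, not code from Kaspersky or from the report; the indicator names, regular expressions and sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Currencies named in the report; all patterns are assumptions of this example.
CURRENCY = re.compile(r"\b(v-?bucks|robux)\b", re.I)
FREE_GEN = re.compile(r"\b(free|generat\w*)\b", re.I)
HUMAN_VERIFY = re.compile(r"human\s+verification", re.I)
ACTIVITY_FEED = re.compile(r"recent\s+activit", re.I)
DISABLE_AV = re.compile(
    r"\b(disable|turn\s+off|deactivate)\b.{0,40}\banti-?virus\b", re.I)


class PageScan(HTMLParser):
    """Collects visible text and records whether a password field exists."""

    def __init__(self):
        super().__init__()
        self.chunks, self.has_password_field, self._skip = [], False, 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1  # ignore non-visible content
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.has_password_field = True

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)


def scam_indicators(html):
    """Return the list of scam traits found in one HTML page."""
    scan = PageScan()
    scan.feed(html)
    scan.close()
    text = " ".join(" ".join(scan.chunks).split())  # normalize whitespace
    lure = bool(CURRENCY.search(text) and FREE_GEN.search(text))
    hits = []
    if lure:
        hits.append("free-currency-generator")
    if HUMAN_VERIFY.search(text):
        hits.append("human-verification-survey")
    if ACTIVITY_FEED.search(text):
        hits.append("fake-activity-feed")
    # A password field alone is normal; combined with a free-currency lure it is not.
    if lure and scan.has_password_field:
        hits.append("password-requested-for-free-currency")
    if DISABLE_AV.search(text):
        hits.append("asks-to-disable-antivirus")
    return hits


# Constructed sample pages (not captured from real sites).
SCAM_PAGE = """<html><body><h1>Free Robux Generator</h1>
<form><input type="text" name="username">
<select name="amount"><option>10000 Robux</option></select>
<input type="password" name="email_password"></form>
<div>Recent Activities: player_123 generated 5000 Robux</div>
<p>Complete the survey to pass human verification.</p></body></html>"""
CHEAT_PAGE = ("<p>Valorant cheat install guide</p>"
              "<ol><li>Turn off your antivirus before installing</li></ol>")
STORE_PAGE = "<h1>Buy Robux</h1><p>Sign in to purchase.</p><input type='password'>"

if __name__ == "__main__":
    for name, page in [("scam", SCAM_PAGE), ("cheat", CHEAT_PAGE), ("store", STORE_PAGE)]:
        print(name, scam_indicators(page))
```

A heuristic like this only prioritizes pages for review or blocking; pages that match none of the traits are not thereby shown to be safe.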


According to Kaspersky data, phishing pages created by cybercriminals mostly targeted Roblox, Minecraft, Fortnite, and Apex Legends. In total, more than 878,000 phishing pages were created for these four games in 2022. Of these, 823,000 were created for Roblox alone. In January 2023, attackers created a record 132,794 Roblox-related phishing sites, whereas the peak in 2022 was 123,832.

The number of Roblox-related phishing pages, January 2022 — January 2023


Social-related threats for children in virtual gaming worlds


Cyberbullying

Cyberbullying is unfortunately fairly common among children and adolescents in gaming, and can take place between kids that know one another, such as classmates at school, or between strangers. Bullies may leave intimidating voice chats or texts in the chat function, or make someone lose a game on purpose.

If someone is not performing well in a game, other players may curse or make negative remarks that can turn into bullying, or even exclude the person from playing together. Anonymity of players and the use of avatars allow users to harass, bully, and sometimes gang up on other players. A study carried out by an anti-bullying charity found that 57 percent of young people had experienced bullying online when playing games. In addition, 22 percent said they had stopped playing a game as a result. Even though the bully is in the wrong, many teens feel too embarrassed or ashamed to speak up to ask for help.

Doxing & Stalking

Doxing is a worse form of cyberbullying involving the disclosure of personal information available online. Doxing can compromise not just a child’s information, but also that of their parents, and can make them both targets of bullying and harassment. Reasons for doxing range from personal animosity to a desire to punish a player for poor play.

Doxers may single out your child in a general chat channel and then start sending personal messages, asking for detailed personal information. The child’s online ID could also open them up to harassment. According to Forbes, three in five (60%) of those surveyed aged between 13 and 17 have experienced harassment in online multiplayer games. Thus, children should never create user IDs with any part of their real names or nicknames.

If cybercriminals get your child’s real name, they could search for other social media accounts. You should teach your child never to give out their address, geo-location or login credentials and password in a chat window.

Grooming

Grooming is one of the worst threats to children in virtual game worlds. Grooming is when predators insert themselves into the child’s life by exploiting the child’s vulnerabilities. The predator creates a false sense of trust by filling a need in the child’s life and isolating the child. During this process, the predator sexualizes the relationship and ultimately gains control of the child.

For some games, unmoderated voice and text chat is a large part of the experience. Children are encouraged to chat to strangers and these games have been misused to exploit children. With more young people online, criminals can build trust virtually, similar to how they would in person — by offering gifts or promises of friendship.

Unfortunately, there have been a number of cases where children were groomed in popular games. A 9-year-old boy was groomed on Fortnite with a man telling him he’d be banned in a game if they didn’t meet; in Europe, a man groomed two boys, aged 12 and 14. After connecting on Minecraft, the man moved communication to Skype and asked for sexually explicit photos. This man was on the sex offender registry before joining the game, yet he was allowed to play the game and speak to young players.

Conclusion and recommendations


Both cybersecurity and social-related threats remain particular problems in gaming for children. Parents should always be vigilant about their children’s behavior and maintain a positive tone of communication if a threat appears. To spot a threat, you should always look out for a change. If you notice a sudden change in their gaming habits, this may be a cause for concern. While as a parent you may be initially relieved that your child is pulling back from gaming, ensure that you take the time to understand why they have made this decision. Teens who are being bullied online may decide to remove themselves from the computer to limit their interactions with the bully, but still carry around the shame or fear. A lack of social interaction and disinterest in going to school or other outings might mean your teen is being cyberbullied. As the cyberbullying continues, their confidence level drops, which can result in the desire to stay home all the time.

Here’s what you can do to provide the safest way of gaming for your child:

  • Encourage them to talk to you about their online experience and, in particular, anything that makes them feel uncomfortable or threatened.
  • Let your child play games with people they know at least in the beginning. Check if your child can set up their own private game or server.
  • Teach children about safe digital behavior, including not clicking on links from strangers; not downloading bots (software for automated tasks) or clicking on links in gaming forums; not sharing personal information like emails, phone numbers, addresses, and passwords; not participating in bullying behavior of other players; and what to do if they observe or experience cyberbullying.
  • Help your child choose a unique password and aim to change it periodically.
  • Set clear ground rules about what they can and can’t do online and explain why you have put them in place. You need to review these as your child gets older.
  • Parental control software can help to establish the framework for what’s acceptable — how much time (and when) they can spend online, what content should be blocked, what types of activity should be blocked (chat rooms, forums, etc). Parental control filters can be configured for different computer profiles, allowing you to customize the filters for different children.
  • Install a trusted security solution on your children’s devices to prevent any cybersecurity threat. It works smoothly with Steam and other gaming services.