Valorant beta key generators riddled with data-stealing malware

Twitch drops remain the only working method of retrieving Valorant beta keys

Fake Valorant Beta keys include malwareFake executables that claim to patch Valorant for free closed beta access are a lie: data stealers like njRAT installed instead

With video game business booming, new titles are being produced regularly, and the next big thing is Valorant – a highly anticipated tactical first-person shooter by Riot Games. The closed beta was first opened on April 7th, which means that not everybody gets a chance to play the game before its official release, but a selected group of people instead. In the hopes of being the selected ones, 1.7 million people tuned into to video-streaming platform Twitch on the release day alone to receive a random drop by watching their favorite streamers playing the game.[1]

Since the invitations are delivered randomly to people who are watching Valorant streams, many have been eager to get a chance of experience the game first-hand and, while some were lucky, others – not so much. In the hopes of acquiring access to the game, gamers began to seek alternative methods of accessing the closed beta, and cybercriminals were fast to arrange what they were looking for.

Those who were ready to cheat should also be aware that hackers are in the midst of releasing fake beta key generators, in-game cheats, and patches. The malware behind these fake tools varies in its functionality, but the main type of infection are data-stealers. As usual, threat actors are trying to capitalize on popular trends, so games should be aware that their will to play the game might result in computer and sensitive data compromise.

Among distributed malware – data stealers like njRAT and Windows-freezing prank

While there are no specific details revealed about how the malware is being distributed, but security research Albert Zsigovits from Sophos[2] has discovered the code on a malicious page of Pastebin, a well-known place where a programming code can be stored. Allegedly, only two anti-malware vendors flag the page as malicious, as per results on Virus Total.[3]

The most commonly encountered infections behind fake Valorant beta keys are a well-known Trojans like njRAT[4] and QuasarRAT. Not only can these infection log keys, but they also steal all the data from most popular browsers, such as Google Chrome, Mozilla Firefox, or Opera, and as well as FTP sources like FileZilla.

Researches also found evidence that other malware delivered through Discord (an executable file named valorant_key_generator.exe) did not have data-stealing capabilities but instead made Windows run all its resources to the maximum, freezing and crashing the machine altogether. Since the malware has no other purpose, it is highly likely to have been developed as a prank by bored hacker-wannabees. Despite that, it can still cause major disruption and stress to the victim.

While data sealing Trojans are most likely to be distributed via phishing messages on a popular VoIP application Discord (which is prominent among gamers), njRAT and QuasarRAT are also known to be delivered via other methods, such as spam email attachments. Nonetheless, since the audience is targeted, it is highly likely that cybercriminals will stick to Discord and descriptions on YouTube videos that advertise fake cheat/beta key tools, similarly what happened with Epic Games' BR game Fortnite a couple of years ago.[5]

As evident, gamers should not look for “alternative” ways to access the closed beta of Valorant, as they might end up with a serious computer infection.

Are fake beta keys the only threat surrounding Valorant?

Fake beta key generators are not the only security concern that might be surrounding the game, however. As soon as players install the game, they are asked to reboot the PC, which is quite unusual for modern games. This is because, with Valorant, a particular anti-cheat module is installed, which prevents cheaters from using in-game exploits and gaining unfair advantages. The system, called Vanguard, has been highly praised, as it works much better in comparison to systems that are implemented in games of other developers.

To function correctly, Valorant's anti-cheat mechanic installs a kernel-level driver on each of the systems that run the game. Because kernel driver loads before anything else on the system, it prevents cheats from being applied. However, in case Vanguard does suffer from software vulnerabilities in the future, it could be direct access to users' machines. In other, more daring statements, some security advocates called the anti-cheat a simple rootkit that, if wanted, could be exploited to spy on users in all possible ways.[6] Controversies aside, the primary worry for most players should be fake Valorant keys and cheats, which are now actively being distributed via Discord and other methods.

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.

Contact Gabriel E. Hall
About the company Esolutions

References
Files
Software
Compare