Saudi Arabia, Qatar, and Türkiye among top hotspots as threat actors exploit booming gaming community via Discord and fake indie game downloads
Acronis’ Threat Research Unit (TRU) has uncovered a stealthy malware campaign targeting online gamers across the globe, with Middle Eastern countries—particularly Saudi Arabia, Qatar, and Türkiye—emerging as some of the worst-hit. The attackers are leveraging the region’s US$7 billion gaming industry and its predominantly young, digitally native user base to distribute infostealer malware under the guise of beta game downloads.
The campaign, which began spreading in Brazil and the United States, has now reached global proportions. Victims are lured with supposed beta versions of indie games such as Baruda Quest, Warstorm Fire, and Dire Talon. Once downloaded, these fake installers infect users with malware like Leet Stealer, RMC Stealer, and Sniffer Stealer—designed to harvest credentials, financial data, and crypto wallet information.
“Even well-informed users can be tricked, especially when malware evades detection by mainstream antivirus tools.”
— Jozsef Gegeny, Acronis TRU
“These are not your run-of-the-mill phishing campaigns,” said Jozsef Gegeny, Senior Researcher at Acronis TRU. “Our team detected a network of deceptive websites, fake YouTube trailers, and even Discord channels engineered to make these malware-laced games appear legitimate. It’s a highly sophisticated operation aimed at a tech-savvy, yet vulnerable demographic.”
Unlike typical malware campaigns that target enterprise environments, this operation focuses entirely on consumers—particularly gamers aged 18–35—who are keen to gain early access to unreleased content. With platforms like Discord acting as trusted hubs for game discovery and community interaction, attackers have found fertile ground to spread their malware with minimal resistance.
Acronis researchers also found malware variants that displayed fake error messages to mask malicious actions during installation. Alarmingly, much of the malicious content continues to go undetected by major antivirus engines, putting unsuspecting users at elevated risk of financial loss, account takeover, and even extortion.
Acronis advises gamers to download only from verified sources and use multi-factor authentication for online accounts. The company stresses that awareness is the first line of defence. “Even tech-savvy users can be misled,” Gegeny noted. “Gamers must treat unknown links and unofficial downloads with the same caution as corporate professionals treat suspicious emails.”
As the Middle East continues to emerge as a vibrant gaming hub, the cybersecurity community is urging greater vigilance among its most active consumers.
