Dubai, United Arab Emirates – 24 July 2025 – The Acronis Threat Research Unit (TRU) has uncovered details of a sophisticated, consumer-focused malware campaign exploiting the global popularity of online gaming—an industry valued at over US$7 billion in the Middle East alone and projected to grow rapidly as young, digitally native audiences fuel demand. The researchers identified that among the most impacted countries globally are three Middle East nations — Saudi Arabia, Qatar, and Türkiye. This underscores the urgent need for awareness among regional gamers who are particularly active on platforms like Discord, where much of the malicious content is distributed.
The campaign targets consumers, particularly gamers aged 18–35. Victims are lured with what appear to be beta versions of indie games such as Baruda Quest, Warstorm Fire, and Dire Talon, but instead what ends up being downloaded is infostealer malware like Leet Stealer, RMC Stealer, and Sniffer Stealer.
This malicious software steals sensitive information including login credentials, payment details, and crypto wallets and can result in account takeovers, financial loss, and extortion. Unlike most malware that focuses on corporate networks, this campaign exploits the enthusiasm of the gaming community, particularly those eager to access unreleased or early-access content.
“This campaign is notable for its sophistication and its focus on what could be considered a highly tech-savvy demograhic,” said Jozsef Gegeny, Senior Researcher at Acronis TRU. “Our team uncovered the threat by analysing a wave of suspicious files and websites masquerading as legitimate game content, which were spreading largely undetected by major antivirus tools. While enterprises are often protected by managed service providers and robust defences, consumers remain highly exposed to such risks. That’s why it’s important for the cybersecurity community to shine a light on threats that target individuals and not just corporations.”
The attackers use stolen branding, fake promotional websites, and even dedicated YouTube channels to make the games appear authentic. Popular platforms like Discord are used to share links to fake installers, taking advantage of the trust gamers place in these communities.
Acronis found malware disguised as downloaders whichdisplayed convincing errors during installation to mask their true intent. The campaign, first observed spreading in Brazil and the United States, has now been seen globally, with the Middle East emerging as a key hotspot given its young and highly engaged gaming population.
“We strongly urge gamers to remain vigilant, only download games and beta content from official stores or verified developer websites, and enable multi-factor authentication wherever possible,” added Gegeny. “This campaign shows that even well-informed users can be tricked, especially when malware evades detection by mainstream antivirus tools. Extra caution and awareness are the best defences against such complex and convincing threats.”
– ENDS –
About Acronis
Acronis is a global cyber protection company that provides natively integrated cybersecurity, data protection, and endpoint management for managed service providers (MSPs), small and medium businesses (SMBs), and enterprise IT departments. Acronis solutions are highly efficient and designed to identify, prevent, detect, respond, remediate, and recover from modern cyberthreats with minimal downtime, ensuring data integrity and business continuity. Acronis offers the most comprehensive security solution on the market for MSPs with its unique ability to meet the needs of diverse and distributed IT environments.
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect is available in 26 languages in 150 countries and is used by over 21,000 service providers to protect over 750,000 businesses. Learn more at www.acronis.com.