May 25, 2021 by Cybersixgill

Hardware Spoofing Lets Gamers Evade Cheating Bans

For $65 per year, you can cheat all you want in video games.

You might think gaming and esports are harmless arenas where young people get to blow off some steam and have fun.

Esports are big business, with professional gamers and streamers competing for cash or the eyeballs of fans (and the endorsements that come with it).

There’s a widespread incentive to cheat.

Read Our Threat Report, Banned of Bothers: The Rise of Hardware Spoofing in the Gaming Industry

Gaming companies, which have seen prominent players denounce titles that have become overwhelmed with cheating, have resorted to harsher penalties. They started with temporary suspensions, but players waited them out. Then they revoked players’ accounts.

But players just made new ones. The companies canceled the software licenses of games, but players just bought them again or purchased cracked accounts.

Finally, they began recording unique identifiers of player hardware, permanently banning players using certain machines. The only way to get around it: buy a new computer or console.

Or so they thought.

Players are now able to turn to the dark web for hardware identification (HWID) spoofing services that let them evade perma-bans and continue cheating.

Some services, like the Atmosphere Spoofer, allow cheaters to spoof their hardware and thus evade cheating bans and anti-cheat technology for as little as $65 per year.

Atmosphere Spoofer features


These services cash in on the potentially lucrative world of online gaming, a phenomenon documented in Cybersixgill research we published last year.

In March, Chinese authorities worked with the gaming company Tencent to crack down on a cheating operation that took in $76 million, according to the BBC. The operation allegedly worked on a subscription model, charging gamers $10 per day or $200 per month.

We build on our previous research and examine the use of HWID spoofing in a new Cybersixgill report, “Banned of Bothers: The rise of hardware spoofing in the gaming industry.”

In some cases, players compete for cash, and cheating software, such as aim bots, allows players to win prizes or to gain entry into higher-level tournaments.

Even if they are not playing for cash, cheat software can be deployed by influencers and streamers seeking to build an online following that can also be monetized.

In the past year, Cybersixgill observed over 6,500 mentions of HWID spoofers in its underground and dark web monitoring. Some HWID spoofers are available as a subscription; others are sold for a one-time fee.

Citadel Spoofer 


For the technically savvy, HWID spoofers are available as raw code. For example, an anonymous Chinese-speaking threat actor posted their HWID spoofer on GitHub for others to download.

It may seem like hardware spoofing is a relatively harmless pursuit or at least one without consequences beyond gaming. But as we’ve seen before, dark web tools don’t confine themselves to one arena.

Hacking skills acquired by freshmen threat actors in pursuit of gaming glory could translate into broader and more damaging schemes.

The spoofers could have another, more nefarious use, as financial, social media, and online shopping accounts increasingly rely on hardware IDs as a means of confirming user identities.

This technique, known as “device fingerprinting,” verifies identity using not only a username and password but also the laptop or smartphone a customer is using.

Thus, HWID spoofing could also be deployed to assist in cracking financial accounts by mimicking a user’s hardware IDs used by web pages for authentication, especially against high-value targets where threat actors need to conduct significant amounts of intelligence gathering.
