Unofficial mods and cheats for Grand Theft Auto, Roblox, Valorant, Counter-Strike: Global Offensive and Fortnite are the top five sources of infection
MONTREAL – Flare, the leader of Threat Exposure Management, released new research analyzing more than 50,000 infostealer malware-infected devices, revealing that cybercriminals are deliberately engineering malware traps that exploit the online gaming ecosystem more than any other community.
The research, How Gamers Became Cybercrime’s Favorite Target: Analysis of 50,000 Infostealer Infections, exposed that 41.47% of all infections stemmed from gaming-related files, making gaming the single largest lure for threat actors. Two out of every five infected users in the dataset were compromised after downloading a file linked to a game, gaming platform, mod, cheat, or pirated version of popular titles such as GTA, Roblox, Counter-Strike: GO, and Fortnite.
“Gaming has become the perfect hunting ground for threat actors,” said Estelle Ruellan, Threat Intelligence Researcher at Flare. “The ecosystem encourages unofficial mods and cheats, yet offers no legitimate source for ‘verified’ enhancements—creating ideal cover for malware to masquerade as harmless tools. At the same time, optional visual upgrades and extended game content are often locked behind paywalls, pushing many players toward free, unofficial alternatives.Threat actors are positioning themselves in the gap between what people want and what they’re willing to pay for. Understanding that economic reality is key to defending against these threats.”
The research dataset includes 53,896 infected devices, compromised between June 7 and August 12, 2025. The infections are distributed across the targeted entities of Creative (e.g., Adobe), Essential (e.g., Microsoft), Games, Mobile, Privacy & Security, and System & Utility (e.g., WinRAR). Key findings include:
- Piracy is the #1 lure of all infections: 17.65% of infections involved a “crack” or “cracked” version of software, making it the most common explicit functionality used by threat actors.
- While most infections in Creative, Essential, System & Utility, and Privacy & Security software mirror the overall trends, Gaming-related infections chart their own course.
- Gamers are uniquely exposed: Gaming-specific lures like cheats, mod menus, aimbots, and skin changers accounted for over 50% of gaming-related infections.
- Nearly one-third of Creative software infections (32.72%) came from cracked tools.
- For Essential and System & Utility related infections, activation bypasses were the strongest lure (29.25% and 26.13%, respectively).
“We’re living in an era where cybercrime is driven by logging-in, not hacking-in. By offering free versions as bait, and tailoring their lures to each online ecosystem, threat actors are exploiting a simple economic reality: online communities value low or no-cost software,” said Ruellan.
The full research is available (ungated) on Flare’s Resource Center.
About Flare
Flare is the leader in Threat Exposure Management, helping global organizations detect high-risk exposures found on the clear and dark web. Combining the industry’s best cybercrime database with a ridiculously intuitive user experience, Flare enables customers to reclaim the information advantage and make cyber crime irrelevant. For more information, visit https://flare.io. To experience the platform firsthand, start a free trial at https://try.flare.io/free-trial/. Join our Discord community and explore Flare Academy to stay up-to-date on the latest in threat intelligence.
