How cybercriminals catch chess players in a gambit

Along with the growing number of chess players online, the risk of related cyberattacks are also increasing. Kaspersky cybersecurity experts have discovered that chess players have been targeted by a range of different attacks from cybercriminals spreading malicious or unwanted mobile programs – even on Google Play – and Trojans and ransomware disguised as chess applications for PC and mobile. 

Over the last decade, the world of chess has been growing rapidly with more and more platforms and apps for training appearing online, and numerous global tournaments organised in digital formats.  However, the online development of chess has also piqued the interest of cybercriminals, who try to catch online chess players with a variety of tricks.

With chess players constantly learning new tactics and playing with others online, they often download applications for their computer and mobile devices – often from third-party sites. Needless to say, under the disguise of these apps may be hidden malicious files. According to latest Kaspersky statistics, in 2022, cybercriminals made 139,203 attack attempts targeting almost 12,000 chess players.

In most analysed cases, Kaspersky researchers discovered Downloaders able to install other unwanted programs, but there were also other Adware and even Trojans – malicious programs that can enable cybercriminals to gather credit card details, credentials, modify data or disrupt the performance of computers. They also found cybercriminals spreading ransomware disguised as chess applications, able to encrypt any files on the infected device. The majority of attacked chess players were in Russia, India, Vietnam, Brazil and Germany.

The number of attacks attempts on chess players in 2022.

Kaspersky researchers also discovered that in the last several years, cybercriminals were distributing malicious mobile apps or unwanted software under the guise of chess games. One, simply called “Chess”, was found on Google Play but has since been removed. Outside of Google Play, the scammers are also actively spreading mobile malware and adware via third-party sites. One of the apps we detected in 2023 sent SMS messages from an infected user’s phone, making it a spamming tool for cybercriminals. The other, like most attackers’ files hidden behind chess applications, is an adware that periodically opens advertising tabs in the browser against the user’s will – mimicking a real-life application called “Chess Pro” on Google Play, with more than 100,000 downloads.

The legitime app with more than 100,000 downloads which image has been exploited by fraudsters. 

“The world of chess has changed dramatically in recent years, becoming digitalised, with training and even international championships taking place online, allowing players to globally share experiences and compete against each other. However, as we see, the popularity of chess is also being exploited by attackers, distributing thousands of malicious files disguised as chess. It’s never been more important to remain vigilant and remember basic cybersecurity rules in order not to fall a victim to cybercriminals whether it’s phishing emails, or suspicious mobile apps that only mimic chess,” comments Igor Golovin, a security expert at Kaspersky.

“Chess world has been going digital for decades — one of the first computer games ever was chess. But recently, most of chess has made the digital jump, and not only casual gamers, but chess education, elite level competitions, chess clubs, schools, etc. For instance, our e-gaming platform FIDE online arena every month hosts over 600 tournaments. Thus, new challenges connected to digital world, are now key for chess: cheating, cybersecurity, ID management, connection between digital and OTB (over-the-board play), computational power arms race, and more. Technology is changing the world of chess right now, so players shall be ready to answer those challenges,” comments Ilya Merenzon, CEO of World Chess.

Kaspersky is an official cybersecurity partner of the 2023 FIDE World Championship, the most influential event in the world of chess, taking place in Astana, Kazakhstan, from April 7 to May 1, 2023.

To stay safe from mobile threats, Kaspersky recommends:

  • Check the permissions of the apps that you use and think carefully before permitting an app, especially when it comes to high risk permissions such as permission to use Accessibility Services. The only permission that a flashlight app needs is to the flashlight (which doesn’t even involve camera access).
  • reliable security solution can help you to detect malicious apps and adware before they can start behaving badly on your device.
  • iPhone users have some privacy controls provided by Apple, and users can block app access to photos, contacts and GPS features if they think those permissions are unnecessary.
  • Update your operating system and important apps as updates become available. Many safety issues can be solved by installing updated versions of software.

World Chess is a London-based chess gaming and entertainment company and FIDE’ official commercial partner. World Chess organized the FIDE Championship Matches in the USA, and the UK, and revolutionized the sport by signing the biggest media partnerships in history. World Chess develops Armageddon, the chess league for prime-time television. World Chess also runs FIDE Online Arena, the exclusive official chess gaming platform.


Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.