Along with the growing number of chess players online, the risk of related cyberattacks are also increasing with Kaspersky cybersecurity experts discovering that chess players have been targeted by a range of different attacks from cybercriminals spreading malicious or unwanted mobile programs – even on Google Play – and Trojans and ransomware disguised as chess applications for PC and mobile.
Over the last decade, the world of chess has been growing rapidly with more and more platforms and apps for training appearing online, and numerous global tournaments organised in digital formats. However, the online development of chess has also piqued the interest of cybercriminals who try to catch online chess players with a variety of tricks.
With chess players constantly learning new tactics and playing with others online, they often download applications for their computer and mobile devices – often from third-party sites. Needless to say, under the disguise of these apps may be hidden malicious files. According to latest Kaspersky statistics, in 2022, cybercriminals made 139 203 attack attempts targeting almost 12 000 chess players.
In most analysed cases, Kaspersky researchers discovered downloaders able to install other unwanted programs, but there were also other adware and even Trojans – malicious programs that can enable cybercriminals to gather credit card details, credentials, modify data, or disrupt the performance of computers. They also found cybercriminals spreading ransomware disguised as chess applications able to encrypt any files on the infected device. The majority of attacked chess players were in Russia, India, Vietnam, Brazil, and Germany.
Kaspersky researchers also discovered that in the last several years, cybercriminals were distributing malicious mobile apps or unwanted software under the guise of chess games. One, simply called “Chess”, was found on Google Play, but has since been removed. Outside of Google Play, the scammers are also actively spreading mobile malware and adware via third-party sites.
One of the apps we detected in 2023 sent SMS messages from an infected user’s phone making it a spamming tool for cybercriminals. The other, like most attackers’ files hidden behind chess applications, is an adware that periodically opens advertising tabs in the browser against the user’s will – mimicking a real-life application called “Chess Pro” on Google Play, with more than 100 000 downloads.
“The world of chess has changed dramatically in recent years, becoming digitalised, with training and even international championships taking place online and allowing players to globally share experiences and compete against each other,” says Igor Golovin, a security expert at Kaspersky. “However, as we see, the popularity of chess is also being exploited by attackers distributing thousands of malicious files disguised as chess. It’s never been more important to remain vigilant and remember basic cybersecurity rules in order not to fall a victim to cybercriminals – whether it’s phishing emails or suspicious mobile apps that only mimic chess.”
“The chess world has been going digital for decades – one of the first computer games ever was chess,” says Ilya Merenzon, CEO of World Chess. “But recently, most of chess has made the digital jump and not only casual gamers, but chess education, elite level competitions, chess clubs, schools, etc. For instance, our e-gaming platform FIDE online arena every month hosts over 600 tournaments.
“Thus, new challenges connected to the digital world are now key for chess: cheating, cybersecurity, ID management, connection between digital and OTB (over-the-board play), computational power arms race, and more,” Merenzon adds. “Technology is changing the world of chess right now, so players shall be ready to answer those challenges.”