Fake versions of Grand Theft Auto V and World of Warcraft are among the two most popular torrent files threat actors use to distribute malware, according to new research.

Grand Theft Auto V, also known as GTA 5, and another gaming classic, World of Warcraft, are two of the top video games used to lure and infect torrent users with malicious software, cybersecurity firm ReasonLabs said in a report.

GTA 5 is one of the most successful video games in history. Released in 2013 by Rockstar Games, it has sold 190 million copies as of September 2023. Its widely anticipated successor, GTA 6, is slated for release next year, fueling further interest in the franchise.

War of Warcraft, first released in 2004, is part of another popular gaming franchise – and is also exploited as a lure targeting users of torrent websites.

“Torrent-based file-sharing offers several advantages over traditional file-sharing methods and is not illegal or intrinsically dangerous,” ReasonLabs said in its The State of Consumer Cybersecurity 2024 report.

“However, torrent files play a key role in online piracy as it’s almost effortless for cyber attackers to use them to distribute malware,” the report warned.

In addition to popular games, the top torrent files detected as malicious were different types of software-as-a-service products, it said. These included Microsoft Office, the Abode suite, and Nitro PDF Pro among others.

All files were used by bad actors to distribute malware such as Trojans, Remote Access Tools (RATs), malicious web extensions, coin miners, keyloggers, and more.

Instead of delivering their respective games, malicious GTA 5 and World of Warcraft files contained DarkComet RAT. “DarkComet enables the attacker to gain complete control of the infected device and capture screenshots, keystrokes, and webcam activity,” ReasonLabs said.

Malicious web extensions were also highly circulated in 2023, with a widely shared torrent file named Raftv 1.09 by Pioneer as one example.

“It was used to widely distribute malicious web extensions posing as VPNs, but in reality, they attacked and disabled users’ existing cashback and security extensions,” the report said.

Coin miners were among the top malware found in torrent files. Often referred to as “cryptojacking,” it can significantly drain the affected devices’ resources, leading to slower performance and increased energy consumption.

Another “widespread” threat was a variant of the banking Trojan Zusy, which ReasonLabs found in the Microsoft Office torrent file.

“Zusy will inject itself into the web pages of banks, waiting for the user to enter their credentials. Once entered, Zusy will deploy man-in-the-browser (MitB) attacks to collect the sensitive information,” the report said.

Trojans were found to be “by far the top threat” to home users, accounting for over 41% of all detections made. HackUtilities, comprising of cheats, trainers, license software hacks, and hacking tools accounted for more than 21%, followed by adware, viruses and worms, and ransomware.

Top web threats affecting users worldwide included malware, phishing attacks, adware, and cryptomining, with malicious web extensions, deepfake scams, and generative AI attacks among emerging threats, according to the report.

Children can be particularly exposed to risks online, researchers warned, with hackers becoming “more adept at leveraging torrents, illegal streams, social media, and other common sites used by children of all ages.”

“Parents must double down on protecting their children in 2024. Due to their lack of security knowledge and cyber hygiene, children are often the weakest link in any family’s security posture,” it said.