Gen Z Gamers Targeted by Malicious Versions of Popular Games

Cybercriminals have launched a massive campaign targeting Generation Z gamers through malicious versions of popular video games, with security researchers documenting over 19 million attack attempts in a single year.

The findings, detailed in new reports from Kaspersky experts, reveal how digital natives born between 1997 and 2012 have become prime targets for malicious actors exploiting their passion for gaming, particularly through fake game installers and phishing schemes designed to steal personal information and gaming credentials.

Massive Scale of Gaming-Related Cyber Attacks

Between April 1, 2024, and the same period in 2025, cybersecurity researchers recorded at least 19 million attempts to distribute malware disguised as games popular with Gen Z users.

The three most targeted games were Grand Theft Auto (GTA), Minecraft, and Call of Duty, which together accounted for a staggering 11.2 million attack attempts.

These particular titles attract cybercriminals because they offer high replayability, maintain massive online communities, and generate constant demand for user-created content, modifications, and cracked versions.

The attacks have been particularly sophisticated, with cybercriminals utilizing a malware-as-a-service model where some malicious actors provide malware to others for a fee.

One notable example involved the Hexon stealer, which was distributed through fake game installer files and later rebranded as “Leet” with enhanced capabilities to bypass security sandboxes.

Standard Attack Methods and Techniques

Phishing remains one of the most prevalent threats facing Gen Z gamers, with cybercriminals impersonating trusted entities and offering promises of free in-game rewards to extract personal data.

Researchers uncovered a sophisticated phishing campaign that mimicked a legitimate Riot Games promotion, blending the popular game Valorant with the animated series Arcane.

Players were invited to “spin the wheel” for exclusive skins but instead surrendered their gaming accounts, banking details, and phone numbers to third parties.

The Hexon stealer campaign demonstrates the evolution of gaming-targeted malware, with attackers flooding gaming forums, Discord channels, and file-sharing sites with fake installers.

Once installed, this malware attacked gaming platforms like Steam while also targeting messaging apps including Telegram and WhatsApp, plus social media platforms such as TikTok, YouTube, Instagram, and Discord.

Protection Strategies for Digital Natives

Security experts recommend that Gen Z gamers adopt several protective measures to safeguard their digital lives. Users should exclusively download games from official sources, avoiding torrents and sketchy third-party sites.

Enabling two-factor authentication across all gaming and social media accounts provides an additional security layer. Gamers should remain skeptical of free giveaways promising skins, cheats, or in-game currency, as these often serve as bait for malicious schemes.

The cybersecurity landscape targeting Gen Z continues evolving, requiring constant vigilance and updated protective measures to counter increasingly sophisticated threats.