SECURITY COMPANY Malwarebytes has discovered a malware program disguised as an Xbox One video game emulator to fool fans of the upcoming games console into downloading it.
Malwarebytes analyst Joshua Cannell told The INQUIRER that a video of the emulator in action, featuring fake gameplay from the upcoming Watch Dogs game from Ubisoft, has received 75,000 views on Youtube despite being only a few days old.
"Over at emulatorxboxone.com, you'll find the self-proclaimed first and 'best Xbox One emulator out there', a profound statement considering the Xbox One won't be publicly available until this November," Cannell said.
The emulator is accompanied by a video that supposedly demonstrates its ability to run the new console's video games. However, the video is actually just a clip from this year's Watch Dogs E3 gameplay trailer and not the actual game.
"The video's narrator has a German accent, and makes use of his strong video editing skills to make the gameplay seem real, even going as far to pretend to load a saved game during the demonstration," Cannell explained.
Malwarebytes downloaded the emulator for an insight into what visitors might really be getting and examined the files. On the surface, the firm said it looks legitimate, with one executable and some library files.
"Some of the libraries are standard ones from Microsoft, but interestingly enough, a couple are actually from a legitimate emulator for the Playstation 2, known as PCSX2," Cannell added.
He said that the malware has been modeled on the latest copy of PCSX2 to make it more realistic, with files and folders being the same in appearence, but different versions.
"The emulator binary, XboxOneEmulator.exe, is coded in .NET and therefore requires the .NET framework to run. When you execute the emulator, you'll get a nag screen explaining the BIOS is missing and asking if you'd like to download a copy: either choice exits the program, but clicking 'Yes' takes you back to the emulator's website," Cannell explained.
From there, you'll be redirected to complete an offer, a trick used by cyber crimminals to gather personal information for spam and other malicious purposes, afterward granting you access to the requested file.
"Deceptive ploys like these have been around for a while and can be used for anything from advertising to spreading malware, and maybe both," Malwarebytes warned. "In fact, one of the download mirrors for the Xbox One emulator is hosted by zippyshare, and contains a download for a fake Flash Player." µ