{"id":24167,"date":"2025-06-09T17:22:47","date_gmt":"2025-06-09T13:22:47","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=24167"},"modified":"2025-06-09T17:22:47","modified_gmt":"2025-06-09T13:22:47","slug":"how-hackers-attack-gen-z","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/how-hackers-attack-gen-z\/24167\/","title":{"rendered":"How hackers target Gen Z"},"content":{"rendered":"

Gen Z, or \u201cZoomers\u201d, are those born between ~1997 and 2012. That\u2019s a 15-year age gap between the oldest and youngest. So what could they possibly have in common? Well, every member of Gen Z is a digital native. They barely remember a time before computers, smartphones, and social media. More than any other generation, Gen Z loves games (especially our own \u2014 Case 404<\/em><\/a> \u2014 we hope!), TV shows, and movies. Sometimes, they even shape their identities by constantly connecting with their favorite characters. Naturally, this level of immersion makes them a prime target for malicious actors.<\/p>\n

Kaspersky experts have released two reports detailing how cybercriminals target Gen Z through their love of games, movies, TV shows, and anime. Check out the full versions of the first<\/a> and second <\/a>reports to dive deeper.<\/p>\n

How gamers get attacked<\/h2>\n

In the one-year period from April 1, 2024, we recorded at least 19 million attempts to distribute malware disguised as games popular with Gen Z. The top three games targeted by these attacks were GTA<\/em>, Minecraft<\/em>, and Call of Duty<\/em>, together accounting for a staggering 11.2 million attempts. So, why are these particular games at the top of both gamers\u2019 and cybercriminals\u2019 lists? We just might know the reason. They\u2019re replayable; that is, players can dive back in any time and still get a fresh experience. Besides, these titles boast massive online communities. Players are constantly creating content, making mods, and searching for cheats and cracked versions.<\/p>\n

One of the most common threats facing Gen Z gamers is phishing \u2014 where cybercriminals impersonate a trusted entity and tempt players with promises of free in-game rewards to lure them into sharing personal data. Enticing trade offers and easy ways to earn money are some of the most popular tricks used against gamers.<\/p>\n

We uncovered a phishing site that looked eerily similar to a legitimate Riot Games campaign. The campaign aimed to blend two different universes: the game Valorant<\/em> and the animated series Arcane<\/em>. Players were invited to \u201cspin the wheel\u201d for a chance to win exclusive new skins. In reality, gamers who participated in this \u201ccontest\u201d essentially handed over their gaming accounts, banking details, and phone numbers to third parties. Of course, they received no skins in return.<\/p>\n

\"A<\/a>

A beautiful background and recognizable characters \u2014 what more do you need to fall for a scam?<\/p><\/div>\n

But it\u2019s not just about scams. In November 2024, our experts from the Global Research and Analysis Team (GReAT) uncovered a campaign where attackers were distributing the Hexon stealer disguised as game installer files. Once installed, this malware attacked gaming platforms; for example, it could extract user data from Steam. On top of that, Hexon targeted messaging apps like Telegram and WhatsApp, and other social media platforms, such as TikTok, YouTube, Instagram, and Discord.<\/p>\n

These fake installers flooded gaming forums, chats on Signal and Telegram, Discord channels, and popular file-sharing sites. The cybercriminals promoted the Hexon stealer using a malware-as-a-service<\/a> model, where some malicious actors provide malware to others \u2014 often less tech-savvy ones \u2014 for a fee.<\/p>\n

\"Example<\/a>

Example of attackers\u2019 message in a Discord channel<\/p><\/div>\n

Interestingly, a short while later, the creator of Hexon announced a rebrand. The stealer was now called \u201cLeet\u201d, and was offered at a 50% discount. Unlike its predecessor, the updated version can bypass sandboxes by checking the infected device\u2019s public IP address and system specifications. If the stealer detects signs of being in a virtual machine, it shuts down immediately.<\/p>\n

How movie, TV show, and anime fans get attacked<\/h2>\n

We dug into some data provided by the Kaspersky Network Security (KSN)<\/a> \u2014 our global threat intelligence network which processes cyberthreat information from every corner of the world. We analyzed the data for the same one-year period starting April 1, 2024, and here\u2019s what we found:<\/p>\n