League of Legends Client in the Philippines may have Infected with a Crypto Mining Program

ByJhe Gino Gino

A League of Legends (LoL) player in the Philippines found out that his LoL client runs a cryptocurrency mining program in his PC without his knowledge.

Photo for the Article - League of Legends Client in the Philippines may have Infected with a Crypto Mining Program

1st Update: Below the article, we have added the comments from Garena Philippines.

One concerned Redditor and an avid League of Legends (LoL) player in the Philippines found out that his LoL client runs a cryptocurrency mining program on his computer without his knowledge.

A Redditor with the name, lestargonzaga, posted on r/leagueoflegends about the findings of his anti-malware suite.

Photo for the Article - League of Legends Client in the Philippines may have Infected with a Crypto Mining Program
Photo for the Article - League of Legends Client in the Philippines may have Infected with a Crypto Mining Program

The result has something that may bother LoL players in the country. The client is loaded with a Coinhive program, often classified as a “riskware”, that has the ability to mine the cryptocurrency called Monero. With the riskware running on JavaScript, however, various commenters on Reddit reported they haven’t noticed it at all.

With the riskware running in JavaScript and injected in the Philippines’ Garena LoL client, every time a player opens and download it, they give it access to their machine to mine Monero.

According to commenters on Reddit, the Coinhive riskware is not only targetting Philippine LoL clients. One Redditor commented that it is happening to all Garena+ users.

Although there is a debate going on as to whether Garena intentionally included the Coinhive in its client or not, one thing is for sure, players need to run their anti-virus or anti-malware to spot it immediately.

Update:

On July 9, 2:16 PM GMT+8, there was an unauthorized modification of the League of Legends PH client lobby where a certain javascript code was inserted. This code performs blockchain mining on affected computers, which consumes CPU resources from these computers. Apart from increased CPU usage, extensive analysis from our security engineers has determined that there is no other impact on affected computers. At July 11, 4:15 AM GMT+8, our security engineers have removed this javascript code and ensure that all users, including those who were previously affected, will no longer encounter this issue.

We treat security matters with utmost priority and sincerely apologize for this incident, and for the inconvenience you have experienced.

Should you have any questions or concerns you email us at account@garena.com

Source: DoteSports, Reddit

Similar Posts