Hackers Weaponize Nostalgic Minesweeper Game to Target Financial Firms


Hackers Deploy Devious Minesweeper Malware to Target Financial Firms

A sophisticated hacking group is exploiting an unlikely vector to compromise financial institutions across Europe and the United States – the classic Microsoft game Minesweeper.

According to advisories from Ukraine's computer emergency response teams, CERT-UA and CSIRT-NBU, the threat actor tracked as UAC-0188 has been utilizing code from a Python clone of the iconic game to conceal malicious scripts in recent cyberattacks.

The deceptive campaign begins with emails impersonating a medical center, prompting recipients to download a seemingly innocuous 33MB screensaver file from Dropbox. However, this file contains far more than nostalgic gameplay.

Buried within the screensaver is a 28MB base64-encoded string that hides Python scripts designed to download and install the legitimate remote management tool SuperOps RMM on compromised systems. By abusing this software, the hackers gain direct access to infected computers.
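The concealment pattern the advisory describes (a small amount of benign-looking source wrapped around one very large base64 string) is something a defender can look for. The following heuristic scanner is an added example written for this article; it is not code from CERT-UA, from the campaign, or from any named product. It flags files in which a single contiguous base64 run makes up most of the content, or in which the largest such run decodes to high-entropy data. The sample file, the 4096-byte size floor, the 0.5 ratio cutoff and the 7.5 bits/byte entropy cutoff are all constructed assumptions, scaled down from the 28MB blob in the real sample.

```python
import base64
import math
import re
from typing import Dict, List, Optional, Tuple

# Contiguous run of base64-alphabet bytes (padding included). Runs this long are
# rare in hand-written source code but typical of an embedded encoded payload.
BASE64_RUN = re.compile(rb"[A-Za-z0-9+/=]{64,}")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; close to 8.0 means compressed, encrypted or random data."""
    if not data:
        return 0.0
    counts: Dict[int, int] = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_large_base64_blobs(data: bytes, min_len: int = 4096) -> List[Tuple[int, int]]:
    """Return (offset, length) of every base64-alphabet run at least min_len bytes long."""
    return [
        (m.start(), m.end() - m.start())
        for m in BASE64_RUN.finditer(data)
        if m.end() - m.start() >= min_len
    ]


def assess(data: bytes, min_len: int = 4096, ratio_threshold: float = 0.5,
           entropy_threshold: float = 7.5) -> Dict[str, object]:
    """Score a file: how much of it is base64 blob, and what does the largest blob decode to?"""
    blobs = find_large_base64_blobs(data, min_len)
    ratio = sum(length for _, length in blobs) / len(data) if data else 0.0
    decoded_entropy: Optional[float] = None
    if blobs:
        off, length = max(blobs, key=lambda b: b[1])
        try:
            decoded = base64.b64decode(data[off:off + length], validate=True)
            decoded_entropy = shannon_entropy(decoded)
        except ValueError:
            pass  # not valid base64 after all; keep only the size-based signal
    suspicious = ratio >= ratio_threshold or (
        decoded_entropy is not None and decoded_entropy >= entropy_threshold
    )
    return {"blobs": blobs, "blob_ratio": ratio,
            "decoded_entropy": decoded_entropy, "suspicious": suspicious}


def scan_file(path: str) -> Dict[str, object]:
    """Convenience wrapper for running the heuristic over a file on disk."""
    with open(path, "rb") as fh:
        return assess(fh.read())


# Constructed sample (assumption, not the real 33MB screensaver): a few lines of
# game-like Python followed by one large base64 string literal.
BENIGN_SOURCE = b"""import random

def make_board(width, height, mines):
    cells = [[0] * width for _ in range(height)]
    for _ in range(mines):
        cells[random.randrange(height)][random.randrange(width)] = 9
    return cells
"""

# Deterministic stand-in for an encrypted payload: every byte value appears
# exactly 40 times, so the decoded entropy is exactly 8.0 bits per byte.
FAKE_PAYLOAD = bytes((i * 7 + 13) % 256 for i in range(10240))
SAMPLE = BENIGN_SOURCE + b'\nBLOB = "' + base64.b64encode(FAKE_PAYLOAD) + b'"\n'


if __name__ == "__main__":
    for name, data in (("benign", BENIGN_SOURCE), ("sample", SAMPLE)):
        result = assess(data)
        print(f"{name}: ratio={result['blob_ratio']:.2f} "
              f"entropy={result['decoded_entropy']} suspicious={result['suspicious']}")
```

Run against the constructed inputs, the plain game source scores as clean while the wrapped version is flagged on both signals. This is a triage heuristic, not a verdict: a legitimate script that embeds a large image or font as base64 will trip the ratio check too, so hits belong in an analyst's queue rather than an automatic block list.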

"Including Minesweeper code serves as a cover for the malicious payload, attempting to make it appear benign," CERT-UA explained. "Additionally, legitimate software functions are repurposed to decode and execute the hidden code."

The malware's use of the classic game as a decoy is an insidious twist. Minesweeper dates back to the earliest Windows versions and is universally recognized, and that familiarity lends the file a credibility that helps conceal the attack.

So far, CERT-UA has identified at least five successful breaches by these malicious Minesweeper files targeting financial services and insurance companies in Europe and the US. The agency warns that any organization that finds SuperOps RMM on its systems without having legitimately deployed it should treat this as a possible sign of compromise and investigate closely.

"This is a devious campaign that preys on familiarity and nostalgia," said cybersecurity analyst Olivia Wilkinson. "By hiding their malware alongside something as innocuous as Minesweeper, the attackers are betting on human nature to override cybersecurity caution."

As criminals get increasingly sophisticated, experts warn that unconventional malware deployment methods like this could become more common as attackers look for innovative ways to bypass security controls.

"We have to stay one step ahead," said Wilkinson. "If hackers are hiding behind something as classic as Minesweeper, we need to question our assumptions about what is safe at a fundamental level."