Cheating May Be More Dangerous Than You Think
- Aug 13
Cheating in video games is often portrayed as a harmless shortcut for those unwilling to play by the rules, but in reality, it can open the door to serious security risks. In Escape from Tarkov, as in many other online games, cheat software doesn’t just threaten fair play—it can compromise your entire system. From identity theft and stolen cryptocurrency wallets to persistent malware infections, the dangers extend far beyond a simple game ban.

Disclaimer: I am not a cybersecurity expert. The information in this article comes from various reports and news sources found online. If you notice any inaccuracies, please contact me immediately or leave a comment below so I can review and correct them.
A few days ago, I wrote about content creator Joeydope, who attempted to use cheats to gauge the scale of the cheating problem in Escape from Tarkov. That article inspired me to write this piece.
In the video describing his experiment, he explains that installing the cheats required disabling several security protections on his PC. He compared the feeling to “taking the locks off your front door and hanging a sign: gullible idiot inside.”
That uneasy feeling is justified: history shows that cheat software often hides malware, steals identities, usernames, and passwords, and can even target cryptocurrency wallets.
Let's examine how using cheats means lowering your computer’s defences and why it is so dangerous, with real‑world cases where players risked much more than just being banned from a videogame.
While this may seem like the right punishment for cheaters—those lacking the integrity to realize that cheating is for losers and the backbone to face their opponents on equal terms—the dangers are serious, and the consequences significant enough for me to feel compelled to address them.
How cheats are installed
Cheats are easy to find, with third-party sellers offering subscriptions to tools such as wall-hacks, aimbots, radars, and market bots. Cheat authors exploit the fact that anti-cheat systems verify game files and driver signatures, using it as an excuse to persuade users to lower their defences.
Cheat installation guides routinely instruct buyers to disable Windows Defender or third-party antivirus and to turn off Secure Boot, Memory Integrity (HVCI) and sometimes Hyper-V—changes that allow unsigned kernel-mode drivers to load and dramatically weaken system defences (often neutralizing them completely).
Cheats frequently load a kernel‑mode driver and communicate with remote servers. Players must run installers with administrator privileges (which give the installer full permission to add, change, or remove any files or settings on the system), disable User Account Control prompts (UAC), and sometimes install certificates or registry keys. This combination of elevated privileges and disabled security creates a perfect environment for malware to hide.
Why disabling protections is dangerous
Windows Defender monitors drivers that load at the kernel level. Stopping the wdfilter service, uninstalling antivirus software, and turning off Secure Boot allows any program with administrative rights to install unverified drivers.
Memory‑integrity protections like Hypervisor‑Enforced Code Integrity (HVCI) prevent unsigned drivers from running; disabling them removes that safeguard. Secure Boot verifies that nothing malicious is injected during the boot process; turning it off leaves the system exposed to bootkits and rootkits. Cheat developers exploit these gaps, loading drivers that hide their presence from anti‑cheat software but can also act as backdoors.
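A read-only way to confirm that the protections discussed above are still switched on, as an added example that is not part of the original article. The helper name Test-Protection is hypothetical; the script assumes an elevated Windows PowerShell session and uses the standard Defender, Secure Boot and Device Guard interfaces without changing any setting.

```powershell
# Added example: read-only audit of the protections discussed above.
# Assumes an elevated Windows PowerShell session; no setting is changed.

function Test-Protection {   # hypothetical helper name
    param([string]$Name, [scriptblock]$Check)
    try   { $on = [bool](& $Check); $detail = '' }
    catch { $on = $false; $detail = "query failed: $($_.Exception.Message)" }
    [pscustomobject]@{ Protection = $Name; Enabled = $on; Detail = $detail }
}

$results = @(
    Test-Protection 'Defender real-time protection' {
        (Get-MpComputerStatus -ErrorAction Stop).RealTimeProtectionEnabled
    }
    Test-Protection 'Defender tamper protection' {
        (Get-MpComputerStatus -ErrorAction Stop).IsTamperProtected
    }
    Test-Protection 'WdFilter driver running' {
        $drv = Get-CimInstance Win32_SystemDriver -Filter "Name='WdFilter'" -ErrorAction Stop
        $drv.State -eq 'Running'
    }
    Test-Protection 'Secure Boot' {
        # Throws on legacy BIOS systems; reported as a failed query.
        Confirm-SecureBootUEFI -ErrorAction Stop
    }
    Test-Protection 'Memory integrity (HVCI)' {
        $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                              -ClassName Win32_DeviceGuard -ErrorAction Stop
        $dg.SecurityServicesRunning -contains 2   # 2 = HVCI is running
    }
    Test-Protection 'User Account Control' {
        $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
        (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction Stop).EnableLUA -eq 1
    }
)

$results | Format-Table -AutoSize

# Summarise anything that is off or could not be verified.
$off = @($results | Where-Object { -not $_.Enabled })
if ($off.Count -gt 0) {
    Write-Warning ("Protections off or not verifiable: " + ($off.Protection -join ', '))
}
```

A row with Enabled set to False and a non-empty Detail means the query itself failed, which on a machine that should support the feature is worth investigating in its own right.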
When cheating goes wrong: documented cases
One might think that, aside from the questionable ethical choice, using cheats is simply a way to have a little fun at the expense of those who play seriously and work hard to defeat their opponents. A joke, an apparently harmless prank, carrying only the risk of being banned from the game. Nothing can go wrong, right? Until it does.
The following are a few of the many documented cases in which cybersecurity researchers have shown that installing cheats is extremely dangerous:
EvolvedAim (Escape from Tarkov) – CyberArk and CyberInsider found that this paid Escape From Tarkov cheat doubled as an info‑stealer. It started multiple threads, two of which were disguised as innocent processes and silently exfiltrated passwords, browser cookies and cryptocurrency wallet files. The malware began stealing data even before users entered their licence key to activate the cheat and sent the loot to a Mega account via Discord webhooks.
Trojan.Scavenger in mods and cheats – Doctor Web documented ‘Trojan.Scavenger,’ malware disguised as mods/cheat tools distributed on shady websites that contacts C2 servers, tampers with browser protections and replaces extensions to steal password-manager credentials and crypto-wallet keys.
RedLine variant in Cheat Lab – A BleepingComputer investigation found that cybercriminals re‑packed the RedLine info‑stealer as a demo of a cheat called “Cheat Lab.” The malware promised a free copy of the cheat if victims shared it with friends. RedLine is capable of harvesting passwords, cookies and cryptocurrency wallet data. Victims were lured by messages saying the program would unlock after sending the installer to a friend.
Fortnite data‑theft cheat – Malwarebytes researchers uncovered a fake Fortnite wall‑hack that delivered a small 168 KB executable. When run, it enumerated system details and then posted browser session information, cookies, Bitcoin wallets and Steam session data to a server in Russia.
XtremeRAT in backdoored mods – Cisco Talos observed multiple campaigns where backdoored mods, patches and “tweaks” distributed via YouTube tutorials or Discord channels installed the remote access trojan XtremeRAT. Once installed, XtremeRAT can exfiltrate documents, log keystrokes, capture screenshots and record audio. The malware authors used Visual Basic cryptors and shellcode to evade detection.
Stargazers Ghost Network (Minecraft) – Check Point Research uncovered a distribution‑as‑a‑service operation that used fake Minecraft mods and cheat clients to deliver a multi‑stage stealer. The malware attempted to steal Minecraft account tokens, Discord/Telegram tokens, VPN credentials, cryptocurrency wallets and Steam data, infecting over 17 000 systems.
Blitz malware in Standoff 2 cheat packages – Unit 42 researchers found that the Blitz malware was distributed through backdoored cheat archives. Running the included executable quietly downloaded a Blitz downloader and then a bot that can log keystrokes, capture screenshots and even launch denial‑of‑service attacks. The cheat also dropped a Monero cryptocurrency miner.
Baldr stealer in Apex Legends and CS:GO cheats – In 2019 Sophos researchers reported that hundreds of players trying to use cheats like “CSGO Aimbot+Wallhack” and “Apex Legends New Cheat 0.2.1” were infected with Baldr, a credential‑stealing malware. Baldr harvested credit card information, Amazon and PayPal login credentials, and accounts for major game platforms.
Aurora cheat remote access trojan (Apex Legends) – A removal guide from PCRisk warns that the “Aurora Cheat” injector for Apex Legends actually drops a remote access trojan that logs all keystrokes, giving attackers access to banking passwords, email accounts and other credentials.
These examples span several years and different games, but they share a common pattern: the promise of an unfair advantage and easy wins, combined with the excitement of breaking the rules, lures players into turning off their security and running untrusted software. In each case, the cheat either hid a stealer or installed a remote access trojan, leading to stolen identities, drained wallets or compromised computers.
Safety tips and conclusions
Never install third‑party cheats (or mods from unverified sources). Many cheat sellers operate anonymously and have no incentive to protect their customers. After all, how can you trust someone who makes (tons of) money selling ways to cheat, well aware of causing harm to honest players by ruining their fun, and inflicting economic damage on game developers, whose products are compromised, whose customers are left dissatisfied, and who must spend vast amounts of money, time, and energy trying to close the loopholes that cheats exploit to work?
Do not disable antivirus, Secure Boot, firewall settings, memory‑integrity protections, User Account Control, intrusion‑prevention systems, phishing protection, or any other built‑in security features for a game. If a tool requires turning off any of these security features, assume it is attempting to install malware.
Keep your system and software up to date and use reputable security tools. Running trusted anti‑malware and enabling features like memory integrity makes it harder for malicious drivers to load.
Use two‑factor authentication and monitor your accounts. If you suspect a compromise, change all passwords, especially for your email, gaming platforms and financial services.
Remember the ethical and practical costs. Cheating not only ruins the experience for other players but exposes you to serious cyber‑risks.
Installing a cheat in a video game might seem like a harmless shortcut, but it’s not — not to others, and not to yourself. If you don't care about others, at least look out for yourself. To avoid becoming another cautionary tale, resist the temptation of shortcuts and keep your defences intact.
Some cheat developers, of course, claim they have no interest in putting malicious software into their cheats and harming their own customers, as it would risk losing them. While that might be true for a legitimate business, the same logic doesn’t apply to cheat developers. They can gain enormous benefits from the illicit activities tied to cheats — far beyond any losses caused by dissatisfied customers leaving. And they can rely on the fact that there will always be plenty of “gullible idiots” eager to win easily, even at the cost of cheating and risking being cheated and harmed themselves.
Bonus warning
While researching this article, I found out that malicious software has also been found in Steam games. In July 2025, BleepingComputer reported that a threat actor called EncryptHub compromised the early‑access Steam game Chemia. Malicious binaries were injected into the game files, including Fickle Stealer, which harvests browser‑stored credentials, auto‑fill data, cookies and cryptocurrency wallet data. This is neither the first nor the only case of infected Steam games, as you can read in this article from Malwarebytes Labs.