OFFICIAL SECURITY BLOG
June 26, 2013 | BY Joshua Cannell
Gamer or not, you’ve likely heard about the next generation of video game consoles arriving later this year. However, you probably haven’t heard that fake emulators for the anticipated consoles are already being distributed.
In case you aren’t familiar with them, video game emulators are software used to play console and handheld games on a PC. Many gamers use emulators to play older games not seen in years, despite any potential legal issues of playing games they don’t own.
Over at emulatorxboxone.com, you’ll find the self-proclaimed first and “best Xbox One emulator out there,” a profound statement considering the Xbox One won’t be publicly available until this November.
The website displays an image of its interface (above) and contains an embedded video of the emulator in action, featuring gameplay from the upcoming “Watch Dogs” from Ubisoft. Despite being only a few days old, the video has gotten a lot of attention on YouTube, currently holding more than 75,000 views. That’s pretty impressive—that is, for a fake emulator.
The video’s narrator has a German accent, and makes use of his strong video editing skills to make the gameplay seem real, even going as far as to pretend to load a saved game during the demonstration. However, the video is actually just a clip from this year’s Watch Dogs E3 gameplay trailer (see 1:15), and not the actual game at all.
I went ahead and downloaded the emulator to see what visitors might really be getting. Afterward, I examined the files: on the surface they seemed legitimate, with one executable and some library files.
Some of the libraries are standard ones from Microsoft, but interestingly enough, a couple are actually from a legitimate emulator for the PlayStation 2, known as PCSX2.
As a matter of fact, I grabbed the latest copy of PCSX2, and was surprised by the similarities. Many of the files and folders were the same, though in different versions. This is likely done to make the Xbox One emulator appear as if it’s real.
The emulator binary, XboxOneEmulator.exe, is coded in .NET and therefore requires the .NET framework to run. When you execute the emulator, you’ll get a nag screen explaining the BIOS is missing and asking if you’d like to download a copy: either choice exits the program, but clicking “Yes” takes you back to the emulator’s website.
From there, you’ll be redirected to complete an offer, a trick used to gather your personal information for spam and other malicious purposes, afterward granting you access to the requested file. However, these offers almost never live up to their promises.
Deceptive ploys like these have been around for a while and can be used for anything from advertising to spreading malware (and maybe both). In fact, one of the download mirrors for the Xbox One emulator is hosted by zippyshare, and contains a download for a fake Flash Player.
Continuing support for video game emulators increases as new game consoles are released, so it’s no surprise that gamers would want to get their hands on an emulator for the Xbox One. However, make sure you take time to think through situations like these—how could an emulator realistically be available for a console that hasn’t been released yet, and where would you get the games? Don’t be another victim, and stay away from sites like these.
Thanks to Steven Burn for research material.
Joshua Cannell is a Malware Intelligence Analyst at Malwarebytes where he performs research and in-depth analysis on current malware threats. He has over 5 years of experience working with US defense intelligence agencies where he analyzed malware and developed defense strategies through reverse engineering techniques. His articles on the Unpacked blog feature the latest news in malware as well as full-length technical analysis. Follow him on Twitter @joshcannell