In an unusual twist in the world of cybercrime, a new investigation by the cybersecurity company Sophos has revealed that even cybercriminals are not safe from being targeted by their own kind. In a report titled 'The Strange Tale of ischhfd83: When Cybercriminals Eat Their Own', Sophos uncovered how hackers are tricking and infecting each other using fake tools and game cheats loaded with malware.
But here is the catch: these same tactics can just as easily be used to target ordinary people like you and me. Whether you are downloading a game, an app, or even a utility tool from an unknown source, you could be putting your personal data and devices at serious risk.
With India witnessing a massive boom in smartphone use, gaming and fin-tech adoption, the country has also seen a parallel rise in cybercrime. Increasingly, Indians are falling prey to malware delivered via fake Android apps, deceptive investment schemes and links shared on messaging apps like WhatsApp and Telegram, or sent by email, that trick people into downloading dangerous apps or files.
This tactic—hiding malware inside fake software—isn’t new. It has been used before against players of popular games like Minecraft, Fortnite and Valorant. But now the tricks have become smarter, harder to detect and more dangerous.
Sophos found game cheats and hacking tools laced with malware: they were weaponised with powerful information stealers and remote access trojans (RATs) to infect other hackers and those who like to cheat in games using pirated code.
While this development sounds like poetic justice or cyber-schadenfreude (pleasure derived from another person's troubles or pains), the investigation carries a serious warning: the tactics used in these attacks can just as easily be deployed against unsuspecting everyday users. What does all this mean in lay terms? Let us go to the beginning.
How It Started: A Simple Query, a Dangerous Trail
While investigating a seemingly routine customer support query, Sophos researchers stumbled on this issue and dug deeper, uncovering a piece of program code that led them to backdoored malware, shady forums and GitHub repositories filled with booby-trapped code. Such backdoors are designed to be triggered only during an attack and otherwise leave the program's normal execution unaffected, which is why they go unnoticed.
The campaign is suspected to be the work of a hacker using the alias ‘ischhfd83’, who has been quietly inserting malicious code into cheating software, cracked games and tools aimed at low-tier cybercriminals or users looking for these things in a cost-effective (read: free) manner.
These programs are, typically, shared on forums, Discord servers and GitHub repositories with promises of boosting gaming performance or hacking abilities. However, hidden in the code are stealthy infostealers or RATs designed to take control of the user's device, siphon off credentials, or monitor user activity.
The twist? Many of the victims are individuals already engaging in dubious activities themselves, such as those attempting to hack video games, using pirated software, or the newbie 'hackers' attempting low-level 'cyberattacks'. Yet, the real-world implications of such malware distribution tactics go far beyond this niche circle.
According to Sophos, the attacker appears to have designed a campaign specifically targeting those who believe they are clever enough to bend the rules—gamers using cheats, or aspiring cybercriminals testing malware kits. The malicious code is often disguised as 'game cheat loaders' or hacking utilities and is distributed freely across unmoderated platforms. Once downloaded and executed, the tool infects the system, granting attackers remote access or stealing personal and financial data.
What makes this campaign especially sinister is its use of trust as a weapon. Users often assume that code hosted on GitHub, Pastebin, or similar repositories is safe, especially when it is presented in a polished and well-documented format. "Malicious payloads are sometimes hidden behind layers of smokescreen, making them hard to detect by conventional antivirus tools," Sophos says.
For example, code snippets were found to contain heavily scrambled strings or attempts to call external domains that do not appear suspicious at first glance. In some instances, the malware uses environment checks to avoid being detected in a security researcher’s virtual machine, indicating that the creators are sophisticated and cautious.
Though the campaign initially appears to target shady users, Sophos warns that no one is entirely safe. “Threat actors don’t always care who they infect,” the report notes. “They only care about effectiveness.”
This means that a curious teenager looking for a game mod or an inexperienced software developer trying to experiment with online tools could end up falling victim.
In fact, many similar campaigns in the past have taken the same approach—spreading trojans and stealers via open forums, cracked software bundles, fake browser extensions and phishing emails.
The use of malware to target cheaters is not new. But the latest development is more covert and complicated and is distributed in ways that evade conventional screening.
One of the clearest takeaways from the Sophos report is the inherent danger of downloading software, no matter how seemingly benign, from untrusted or unauthenticated sources. The very same tactics used to trick hackers can be and have been used to target common internet users.
In that context, the 'ischhfd83' campaign is more than a curiosity—it is a cautionary tale.
How To Stay Safe: Precautions for the Average User
To avoid falling victim to these stealthy campaigns, you need to follow some strict guidelines. Here are a few:
- Avoid downloading from untrusted sources
Never download software, game cheats, cracks, or utility tools from random forums, file-sharing platforms, or unknown GitHub repositories. Stick to official app stores and trusted developers. This applies to even antivirus or malware removal tools.
- Use a reputable antivirus
Keep the antivirus software up to date. While some malware can evade basic protection, good endpoint security solutions offer behavioural detection and cloud-based threat analysis.
- Inspect code (if you are a developer)
If you must download code or scripts, review them line by line before running anything. Red flags include obfuscated or scrambled strings, references to unfamiliar domains, and commands that invoke PowerShell or run system processes. A reputable dialogue-based artificial intelligence (AI) chatbot such as ChatGPT can be a good starting point for explaining what unfamiliar code does.
- Run unfamiliar code in a sandbox
Use a virtual machine (VM) or sandbox environment to test code before running it on your main device. This can help contain malicious behaviour and prevent wider damage.
- Use online scanners
Platforms like VirusTotal, Joe Sandbox and Hybrid Analysis can analyse files and URLs before you open them. These tools are often free and provide quick threat assessments.
- Be wary of social engineering
Avoid clicking on links or attachments from unknown sources, even if they appear to come from a friend, colleague or relative. Cybercriminals often hijack email and social media accounts to distribute malware.
- Keep your system updated
Always install the latest security patches for your operating system, browsers, and key applications. Many exploits rely on outdated systems.
- Enable multi-factor authentication (MFA)
For all your key accounts—email, banking, social media—use MFA. This adds an additional layer of protection in case your passwords are compromised.
- Educate yourself and your family
Awareness is your best defence. Talk to children and elderly family members about online risks, especially if they are likely to download apps, games, or forward unknown messages.
- Report suspicious activity
If you suspect you have been targeted by malware, report it to local cybercrime authorities (such as India’s cybercrime reporting portal: cybercrime.gov.in).
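The 'Inspect code' guideline above lists the red flags a reviewer should look for: scrambled strings, references to unfamiliar domains, and commands that invoke PowerShell or spawn system processes. The Python script below is an added example, not code from the Sophos report or from this article, of a small reviewer aid that flags those patterns in a downloaded script before it is run. The 'cheat loader' text it scans is a constructed, inert sample (it only defines strings and is never executed), and the trusted-domain allowlist is an assumption a reviewer would adapt to their own project.

```python
import base64
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed allowlist: domains this reviewer already trusts. Anything else is reported.
TRUSTED_DOMAINS = {"github.com", "pypi.org"}

# Calls that hand control to a shell, to PowerShell, or to generated code.
EXEC_PATTERNS = [
    (re.compile(r"\bpowershell(\.exe)?\b", re.IGNORECASE), "invokes PowerShell"),
    (re.compile(r"\bsubprocess\.(run|call|Popen)\b"), "spawns a system process"),
    (re.compile(r"\bos\.system\b"), "spawns a system process"),
    (re.compile(r"\b(exec|eval)\s*\("), "evaluates generated code"),
    (re.compile(r"\bbase64\.b64decode\b"), "decodes base64 at runtime"),
]
URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")
# A run of 40+ base64-alphabet characters is a common way to hide a string.
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")


@dataclass
class Finding:
    line: int
    reason: str
    snippet: str


def looks_encoded(blob: str) -> bool:
    """Encoded data mixes cases and digits; a long plain identifier usually does not."""
    return (any(c.isupper() for c in blob) and any(c.islower() for c in blob)
            and any(c.isdigit() for c in blob))


def decode_preview(blob: str) -> Optional[str]:
    """Base64-decode a blob so the reviewer can see what it hides; None if not text."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:
        return None
    text = raw.decode("ascii", errors="replace")
    return text if text.isprintable() else None


def scan_script(text: str, trusted=TRUSTED_DOMAINS) -> List[Finding]:
    """Return one Finding per red flag, with the line number it appears on."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        snippet = line.strip()
        for pattern, reason in EXEC_PATTERNS:
            if pattern.search(line):
                findings.append(Finding(lineno, reason, snippet))
        for host in URL_RE.findall(line):
            if host.lower() not in trusted:
                findings.append(Finding(lineno, f"contacts unfamiliar domain {host}", snippet))
        for blob in B64_RE.findall(line):
            if looks_encoded(blob):
                preview = decode_preview(blob.rstrip("="))
                shown = repr(preview) if preview is not None else "not printable text"
                findings.append(Finding(lineno, f"long base64-looking string (decodes to {shown})", snippet))
    return findings


# Constructed sample of a downloaded "cheat loader"; it is only a string and is never run.
SAMPLE = '''\
# constructed "cheat loader" sample, inert: it only defines strings
import subprocess, base64
VERSION = "1.0"
UPDATE_URL = "https://github.com/example/cheat-loader"
BLOB = "cGxhY2Vob2xkZXIgdGV4dCwgbm90IGEgcmVhbCBwYXlsb2Fk"
def run():
    data = base64.b64decode(BLOB)
    subprocess.run(["powershell", "-Command", data.decode()])
    requests.get("https://updates.example.invalid/check-update")
'''

if __name__ == "__main__":
    for f in scan_script(SAMPLE):
        print(f"line {f.line}: {f.reason}\n    {f.snippet}")
```

Run against the sample, the scanner reports the hidden base64 string (and shows that it merely decodes to placeholder text), the runtime decode, the PowerShell invocation through a spawned process, and the contact with a domain outside the allowlist. A clean script yields no findings. The checks are deliberately simple pattern matches, so they are a prompt for closer reading rather than a verdict; a script that trips several of them at once is one you should run in a sandbox, if at all.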
What Makes This Investigation Unique
Sophos’ report is significant not just for the technical insights, but for the moral complexity it exposes. Here is a scenario where criminals—expecting to exploit others—become victims themselves. But in the vast and borderless world of the internet, such self-inflicted wounds can spill over, affecting innocent users who simply happen to be in the wrong place at the wrong time.
The use of open-source tools for malware delivery also raises bigger questions about code auditing, digital trust, and the limits of the 'do-it-yourself' (DIY) culture online. As platforms like GitHub and Reddit grow, so does their potential to be misused.
Cybersecurity experts believe we are likely to see more of such campaigns in the future. Attackers are evolving, and so are their methods. “The approach does seem to be popular and effective,” the Sophos report cautions, “and may continue in the future.”
For Indian users—many of whom are new to digital ecosystems—the lesson is clear: curiosity and convenience should never override caution. The fact that even seasoned hackers are being tricked should be proof enough that nobody is immune.
Whether you are a student downloading a coding tool or a gamer trying to beat the system, don’t trust everything that looks helpful.
The strange tale of ischhfd83 serves as a sharp reminder that in cyberspace, danger can wear many disguises—even the ones we think we control. In the end, the only real defence is vigilance, education and a healthy dose of scepticism.
Stay Alert, Stay Safe!