One day after players discovered that the Philippines League of Legends client may have been hijacked by a cryptocurrency mining program, Garena responded to confirm that the “unauthorized” program has now been removed.
“There was an unauthorized modification of the League of Legends PH client lobby where a certain Javascript code was inserted,” Garena said in the Facebook post. “This code performs blockchain mining on affected computers, which consumes CPU resources from these computers. Apart from increased CPU usage, extensive analysis from our security engineers has determined that there is no other impact on affected computers.”
Garena went onto explain in the comments that although the program did essentially use the player’s processor to mine for Monero, a form of cryptocurrency, it didn’t access any personal information located anywhere on the player’s computer.
The security team eventually removed the threat from the client at 3:30pm CT on July 10. The program lived on the client for about 38 hours, according to its analysis, beginning on 1:16am CT on July 8. Players can consider themselves lucky that the program didn’t access any of their personal information, because if that was the goal, it would have had plenty of time to do so.
Players complained in the comments of the Facebook page that this issue has been around “for months,” but that yesterday’s Reddit thread was what finally garnered attention towards it. Garena responded by saying this threat had definitely started days ago, rather than months ago, but didn’t comment on whether or not there have been other threats like this in the past.
If you’re playing in the Philippines, or you plan to play there, the League client should be safe to use again. If you find any strange or malicious activity in the client, be sure to email Garena directly at the address in the Facebook update. Making a Reddit post never hurt anyone, either.
