EvolvedAim Cheat for Tarkov Punishes Cheaters with Data Theft

The developer of EvolvedAim, a popular cheat program for Escape From Tarkov, has recently found himself at the center of a major scandal. It was discovered that, along with the paid subscription cheat, the enterprising programmer was secretly distributing malware that stole information from users.

Escape From Tarkov is a hardcore military simulator that attracts both honest players and cheaters. EvolvedAim offered users a range of features, such as automated trading and skill training. For a while, the EvolvedAim developer ran a successful business, advertising on forums and using a subscription system for access. However, this business success was short-lived.

How the Scam Unfolded

The story began when the EvolvedAim developer, known as Mythical, started collaborating with the owner of a major Tarkov cheat forum. For about a year, both parties enjoyed steady profits. However, a conflict arose when Mythical decided to reduce the forum’s share of the revenue. Soon after, forum representatives noticed suspicious login attempts and leaks of desktop screenshots. Connecting the dots, they concluded that Mythical had embedded malware in his product to steal data.

Consequences Beyond a Ban

Cheat-related scams in online games are nothing new, but in this case, the consequences went far beyond a simple permanent ban. Since EvolvedAim was mostly used by adults, the stolen information could easily be used by hackers to access personal resources and even corporate data from the companies where these dishonest gamers worked.

Technical Analysis of the Malware

Experts from CyberArk analyzed EvolvedAim and found that the cheat was written in Python 3.10 and converted into an executable file using PyInstaller. By extracting and decompiling the code, they discovered that EvolvedAim contained malicious code running alongside its main cheat functions.

When launched, EvolvedAim would ask for a license key, but user information was immediately sent to the attackers. The malware, disguised as harmless processes, collected passwords and cookies from popular browsers. It also stole files from MetaMask crypto wallets and took desktop screenshots. The collected data was then uploaded to Mega.nz and the attackers were notified via Discord.

Why Cheaters Were Especially Vulnerable

The situation was made worse because many EvolvedAim users intentionally disabled their antivirus software or added the cheat process to exceptions, knowing that any software interfering with other programs would trigger security alerts. As a result, cheaters had virtually no chance to protect their data.

Aftermath and Lessons Learned

Once Mythical’s scheme was exposed, he was banned from all gaming forums he had worked with. Preliminary estimates suggest that just over a thousand people fell victim to the scam. EvolvedAim is no longer operational, its Discord server has been shut down, and the developer has ceased all activity.

This case demonstrates that using cheats can have serious consequences. Not only do users pay for access to cheats, but they also risk losing their personal data and potentially endangering corporate resources they can access.