Gaming Engines: An Undetected Playground for Malware Loaders (research.checkpoint.com)
from Joker@sh.itjust.works to cybersecurity@infosec.pub on 27 Nov 14:53
https://sh.itjust.works/post/28695806

Key Points

> - Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript code which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal.
> - Check Point identified GodLoader, a loader that employs this new technique. The threat actor behind this malware has been utilizing it since June 29, 2024, infecting over 17,000 machines.
> - The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware.
> - This new technique allows threat actors to target and infect devices across multiple platforms, such as Windows, macOS, Linux, Android, and iOS.
> - Check Point Research demonstrates how this multi-platform technique can successfully drop payloads in Linux and macOS.
> - A potential attack can target over 1.2 million users of Godot-developed games. These scenarios involve taking advantage of legitimate Godot executables to load malicious scripts in the form of mods or other downloadable content.

#cybersecurity
