One Article Review

Source Techworm
Identifier 8630526
Publication date 2024-11-28 16:02:54 (viewed: 2024-12-27 09:08:19)
Title Hackers Exploit Popular Godot Game Engine To Spread Malware
Text Security researchers at Check Point Research have discovered a new malware loader “GodLoader” that exploits the game engine “Godot Engine.” For those unaware, Godot Engine is a popular open-source game engine known for its versatility in 2D and 3D game development. Its user-friendly interface and robust feature set allow developers to export games to various platforms, including Windows, macOS, Linux, Android, iOS, HTML5 (Web), and more. Its Python-inspired scripting language, GDScript, alongside support for VisualScript and C#, makes it a favorite among developers across skill levels. With an active and growing community of over 2,700 developers and around 80,000 social media followers, the platform’s popularity and dedicated support are undeniable. However, the platform’s popularity has also made it a target for cybercriminals, who have leveraged its open-source nature to deliver malicious commands and malware while remaining undetected by almost all antivirus engines in VirusTotal. In a report titled “Gaming Engines: An Undetected Playground for Malware Loaders,” the researchers say they believe that the threat actor behind the GodLoader malware has been using it since June 29, 2024, and has infected more than 17,000 devices so far. Notably, these payloads included cryptocurrency miners like XMRig, which was hosted on a private Pastebin file uploaded on May 10, 2024. The file contained the XMRig configuration related to the campaign, which was visited 206,913 times. The malware is distributed via the Stargazers Ghost Network, which operates as a Distribution-as-Service (DaaS) model, enabling the “legitimate” distribution of malware through GitHub repositories. Approximately 200 repositories and more than 225 Stargazer Ghost accounts were used to distribute GodLoader throughout September and October.
The attacks, targeting developers, gamers, and general users, were carried out in four waves via GitHub repositories on September 12, September 14, September 29, and October 3, 2024, tempting them to download infected tools and games. “Godot uses .pck (pack) files to bundle game assets and resources, such as scripts, scenes, textures, sounds, and other data. The game can load these files dynamically, allowing developers to distribute updates, downloadable content (DLC), or additional game assets without modifying the core game executable,” Check Point researchers said in the report. “These pack files might contain elements related to the games, images, audio files, and any other “static” files. In addition to these static files, .pck files can include scripts written in GDScript (.gd). These scripts can be executed when the .pck is loaded using the built-in callback function _ready(), allowing the game to add new functionality or modify existing behavior. “This feature gives attackers many possibilities, from downloading additional malware to executing remote payloads - all while remaining undetected. Since GDScript is a fully functional language, threat actors have many functions like anti-sandbox, anti-virtual machine measures, and remote payload execution, enabling the malware to remain undetected.” While the researchers only identified GodLoader samples specifically targeting Windows systems, they also developed a proof-of-concept exploit using GDScript, demonstrating how easily the malware could be adapted to target Linux and macOS systems. To reduce the risks posed by threats like GodLoader, it is crucial to keep operating systems and applications updated with timely patches and exercise caution with unexpe
Rating ★★
Sent Yes
Tags Malware Tool Vulnerability Threat Mobile Technical


The article does not appear to have been picked up after its publication.


The article does not appear to be a follow-up to an earlier one.