zCat on Nostr: Hackers abuse popular Godot game engine to infect thousands of PCs Hackers have used ...
Hackers abuse popular Godot game engine to infect thousands of PCs
Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.
As Check Point Research found while investigating the attacks, threat actors can use this malware loader to target gamers across all major platforms, including Windows, macOS, Linux, Android, and iOS.
It's also used to leverage Godot's flexibility and its GDScript scripting language capabilities to execute arbitrary code and bypass detection systems using the game engine .pck files, which package game assets, to embed harmful scripts.
Once loaded, the maliciously crafted files trigger malicious code on the victims' devices, enabling attackers to steal credentials or download additional payloads, including the XMRig crypto miner. This miner malware's configuration was hosted on a private Pastebin file uploaded in May, which was visited 206,913 times throughout the campaign.
See more:
https://www.bleepingcomputer.com/news/security/new-godloader-malware-infects-thousands-of-gamers-using-godot-scripts/
#cybersecurity #godot #malware
Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.
As Check Point Research found while investigating the attacks, threat actors can use this malware loader to target gamers across all major platforms, including Windows, macOS, Linux, Android, and iOS.
It's also used to leverage Godot's flexibility and its GDScript scripting language capabilities to execute arbitrary code and bypass detection systems using the game engine .pck files, which package game assets, to embed harmful scripts.
Once loaded, the maliciously crafted files trigger malicious code on the victims' devices, enabling attackers to steal credentials or download additional payloads, including the XMRig crypto miner. This miner malware's configuration was hosted on a private Pastebin file uploaded in May, which was visited 206,913 times throughout the campaign.
See more:
https://www.bleepingcomputer.com/news/security/new-godloader-malware-infects-thousands-of-gamers-using-godot-scripts/
#cybersecurity #godot #malware