Gaming Engines: An Undetected Playground for Malware Loaders

Nov. 29, 2024, 11:03 a.m.

Description

Check Point Research uncovered a new technique exploiting the Godot Engine to execute malicious GDScript code, remaining undetected by most antivirus tools. The technique has been used since June 2024, potentially infecting over 17,000 machines. A loader called GodLoader employs this method and is distributed via the Stargazers Ghost Network on GitHub. The technique allows cross-platform targeting of Windows, macOS, Linux, Android, and iOS devices. Researchers demonstrated successful payload drops on Linux and MacOS. This approach could potentially target over 1.2 million users of Godot-developed games through malicious mods or downloadable content.

External References

https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground-for-malware-loaders/
https://otx.alienvault.com/pulse/674736a47af4929a39b28fb6
Tags
xmrig
malware loader
redline
cross-platform
gaming
2024-11-27
godot engine
gdscript
undetected technique
stargazers ghost network
godloader

Date

  • Created: Nov. 27, 2024, 3:11 p.m.
  • Published: Nov. 27, 2024, 3:11 p.m.
  • Modified: Nov. 29, 2024, 11:03 a.m.

Attack Patterns

  • GodLoader
  • RedLine
  • XMRig