Gaming Engines: An Undetected Playground for Malware Loaders

Nov. 29, 2024, 11:03 a.m.

Description

Check Point Research uncovered a new technique exploiting the Godot Engine to execute malicious GDScript code, remaining undetected by most antivirus tools. The technique has been used since June 2024, potentially infecting over 17,000 machines. A loader called GodLoader employs this method and is distributed via the Stargazers Ghost Network on GitHub. The technique allows cross-platform targeting of Windows, macOS, Linux, Android, and iOS devices. Researchers demonstrated successful payload drops on Linux and macOS. This approach could potentially target over 1.2 million users of Godot-developed games through malicious mods or downloadable content.

Date

Published: Nov. 27, 2024, 3:11 p.m.

Created: Nov. 27, 2024, 3:11 p.m.

Modified: Nov. 29, 2024, 11:03 a.m.

Attack Patterns

GodLoader

RedLine

XMRig

T1573

T1547

T1129

T1106

T1105

T1071

T1055

T1036

T1204

T1140

T1027

T1553

T1078

T1059