

Ethical Hacking News

Hackers Leverage Godot Game Engine Vulnerability to Infect Thousands of PCs Worldwide



Hackers have found a way to use the Godot game engine, which is widely used across various platforms, to infect thousands of PCs worldwide. In just three months, hackers managed to infect over 17,000 systems using a technique called "GodLoader." The malware was designed to exploit vulnerabilities in the Godot Engine's scripting language and deliver malicious payloads. With the Stargazers Ghost Network at play, hackers have been able to target gamers across all major platforms.

  • Hackers exploited a vulnerability in Godot game engine to infect thousands of PCs worldwide.
  • The GodLoader malware was designed to exploit the capabilities of the GDScript scripting language, bypassing detection systems and stealing credentials or downloading additional payloads.
  • The attack infected over 17,000 systems in just three months using this malware loader, highlighting the severity of the vulnerability.
  • Threat actors delivered the GodLoader malware through a distribution-as-a-service platform called Stargazers Ghost Network, which masked malicious activities as legitimate software repositories.
  • The attack demonstrates the need for increased vigilance among users of all platforms and emphasizes the importance of maintaining software security.



    In a shocking revelation, hackers have managed to exploit a vulnerability in the popular open-source game engine, Godot, to infect thousands of PCs worldwide. This malicious activity was discovered by Check Point Research, a leading cybersecurity firm that specializes in monitoring and detecting advanced threats.

    According to Sergiu Gatlan, the reporter who broke the story, hackers have been using this malware loader to target gamers across all major platforms, including Windows, macOS, Linux, Android, and iOS. The GodLoader malware was designed to exploit the capabilities of the Godot game engine, specifically its GDScript scripting language, to execute arbitrary code and bypass detection systems.

    The threat actors behind this malicious activity have been using a technique called "GodLoader," which involves loading maliciously crafted .pck files that contain harmful scripts into the Godot Engine. These scripts then trigger malicious code on the victims' devices, enabling attackers to steal credentials or download additional payloads, including the XMRig crypto miner.
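A defender-side triage example for the .pck loading described above, added here and not code from Check Point, Godot or the original article: it reads the file index of a standalone pack and returns the embedded GDScript paths so they can be reviewed before the pack is run. The header layout for pack formats 1 and 2 is an assumption based on the public Godot engine source; `list_pck`, `script_entries` and `build_sample` are hypothetical names, and the sample pack is constructed.

```python
import struct

MAGIC = b"GDPC"                       # pack header magic
SCRIPT_EXT = (".gd", ".gdc", ".gde")  # GDScript source, compiled, encrypted

def list_pck(data):
    """Parse the file index of a standalone .pck; return (format, engine, entries)."""
    try:
        if data[:4] != MAGIC:
            raise ValueError("missing GDPC magic")
        fmt, major, minor, patch = struct.unpack_from("<4I", data, 4)
        pos = 20
        if fmt == 2:  # assumed format-2 extras: pack flags (u32) + file base (u64)
            flags, _base = struct.unpack_from("<IQ", data, pos)
            pos += 12
            if flags & 1:
                raise ValueError("encrypted index, cannot list entries")
        elif fmt != 1:
            raise ValueError(f"unsupported pack format {fmt}")
        pos += 64  # assumed 16 reserved u32 words
        (count,) = struct.unpack_from("<I", data, pos)
        pos += 4
        entries = []
        for _ in range(count):
            (plen,) = struct.unpack_from("<I", data, pos)
            pos += 4
            if plen > len(data) - pos:
                raise ValueError("path length runs past end of file")
            path = data[pos:pos + plen].rstrip(b"\0").decode("utf-8", "replace")
            pos += plen
            _offset, size = struct.unpack_from("<QQ", data, pos)
            pos += 32 + (4 if fmt == 2 else 0)  # offset, size, md5[16], v2 flags
            entries.append((path, size))
        return fmt, (major, minor, patch), entries
    except struct.error as exc:
        raise ValueError(f"truncated pack index: {exc}") from None

def script_entries(data):
    """Script paths an analyst should extract and read before the pack is run."""
    return [p for p, _ in list_pck(data)[2] if p.lower().endswith(SCRIPT_EXT)]

def build_sample():
    """Constructed format-1 pack index (no file bodies), for demonstration only."""
    out = MAGIC + struct.pack("<4I", 1, 3, 5, 0) + bytes(64) + struct.pack("<I", 2)
    for path, size in ((b"res://main.gd", 120), (b"res://icon.png", 2048)):
        padded = path + bytes(-len(path) % 4)  # paths are null-padded to 4 bytes
        out += struct.pack("<I", len(padded)) + padded + struct.pack("<QQ", 0, size) + bytes(16)
    return out
```

Every Godot game ships scripts, so the returned list is a review queue rather than a verdict. Packs appended to an executable are not handled by this example.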

    One of the most striking aspects of this attack is its scale. According to Check Point Research, hackers have managed to infect over 17,000 systems in just three months using this malware loader. This highlights the severity of the vulnerability and the ease with which hackers can exploit it.

    The researchers also discovered that threat actors were delivering the GodLoader malware through a distribution-as-a-service (DaaS) platform called Stargazers Ghost Network. This platform is designed to mask malicious activities by making them appear legitimate, using seemingly innocuous GitHub repositories as fronts for their operations.

    In this case, hackers used over 200 repositories controlled by over 225 Stargazer Ghost accounts to deploy the malware to targets' systems, taking advantage of potential victims' trust in open-source platforms and seemingly legitimate software repositories. The researchers found that there were four separate attack waves against developers and gamers between September 12 and October 3, enticing them to download infected tools and games.

    While security researchers only discovered GodLoader samples targeting Windows systems, they also developed proof-of-concept exploit code showing how easily the malware can be adapted to attack Linux and macOS systems. This highlights the need for increased vigilance among users of all platforms, as this vulnerability can be exploited by hackers across various operating systems.

    Stargazer Goblin, the threat actor behind the Stargazers Ghost Network DaaS platform used in these attacks, was first observed by Check Point Research promoting this malware distribution service on the dark web in June 2023. However, it is likely that this service has been active since at least August 2022, earning over $100,000 since its launch.

    The Stargazers Ghost Network uses over 3,000 GitHub "ghost" accounts to create networks of hundreds of repositories that can be used to deliver malware. These malicious repositories are designed to appear legitimate and gain the trust of potential victims, who may unknowingly download infected tools or games that contain this malware.

    In response to this attack, Godot officials have emphasized the importance of maintaining software security and ensuring that their users take steps to protect themselves from malware attacks. While no game engine is completely immune to vulnerabilities, Godot's developers claim to be committed to making improvements and providing a secure gaming experience for their users.

    In conclusion, hackers have successfully exploited a vulnerability in the Godot game engine to infect thousands of PCs worldwide. This attack highlights the need for increased vigilance among users of all platforms, as well as the importance of maintaining software security. As more threats like this emerge, it is essential that gamers and developers alike take steps to protect themselves from malicious activities.



    Related Information:

  • https://www.bleepingcomputer.com/news/security/new-godloader-malware-infects-thousands-of-gamers-using-godot-scripts/

  • https://blog.checkpoint.com/research/the-exploitation-of-gaming-engines-a-new-dimension-in-cybercrime/


  • Published: Wed Nov 27 15:59:52 2024 by llama3.2 3B Q4_K_M













         

