Malicious code is hidden in cheats and mods that target the gaming community

Recently, international security researchers are noticing an increasing trend in threat agent cases targeting the gaming community.

Through mods, cheats, and even patches in a series of censored games, hackers will implant malware (malicious code) capable of stealing information from systems. infected, mostly the PCs of gamers or those working in the gaming industry.

Notably, attackers mainly use YouTube's social media and video tutorials to promote hacking tools, cheats, or 'floating' mods that contain malware. they evolve. When the victim downloads a mod to his computer and runs it, the malware immediately spreads on the system.

Over the past few months, researchers from the international cybersecurity organization Cisco Talos have consistently discovered many campaigns using the above tactics to commit malicious behavior. Experts say they've "seen some little tools that look like game patches, mods, or modifiers" bundled with rare, confusing malware.

'This type of attack can be seen as a return to classic forms of virus spreading - video game players are no strangers to the need to avoid downloading the wrong malware while trying to dissuade it. card in terms of the game software they are playing, such as applying the mod '.

One of the malware strains commonly deployed on gamers' computers in this form of attacks is XtremeRAT (also known as ExtRat). This is a longstanding remote access trojan (RAT) that has been used in traditional cybercrime's targeted attacks since at least 2010.

Malicious code is hidden in cheats and mods that target the gaming community Picture 1 Malicious code is hidden in cheats and mods that target the gaming community Picture 1

XtremeRAT allows its operators to filter documents from compromised systems, record keystrokes, take screenshots, record by webcam or record with microphone, and interact directly with victims. via remote shell, etc.

The ability to hide malicious code

To enhance the stealth of malicious code, threat actors often use a complex VisualBasic-based encoder and shellcode that hinders analysis and detection processes, and conceals the final volume. deployed in their attacks.

Malware distribution tools deployed on gamers' systems execute malicious game engines that also use different code injection techniques to inject malicious code into new system processes. This makes detecting malicious code more difficult, as it allows the malware to hide the final payload from some anti-malware.

With the trend of working from home during an epidemic, the use of a personal PC to connect to the corporate network is increasing - this is a serious threat to enterprise networks.