Notice: The information in this report is a synopsis of the source articles. For in-depth information please refer to the source cited at the end of each article.


Date: 31 March 2021

Title: Gaming mods, cheat engines are spreading Trojan malware and planting backdoors

Gaming tools used to modify or cheat online games are being used to deploy a cryptor — code designed to prevent reverse-engineering or analysis — for a variety of malware strains, the majority of which appear to be Remote Access Trojans (RATs). The attack wave is focused on compromising the systems of gamers and modders. The initial attack vector begins with malvertising — adverts that lead to malicious websites or downloads — as well as YouTube how-to videos focused on game modding that link to malicious content.

Cheats, cheat engines, and mods have been found that contain cryptors able to hide RAT code and backdoors through multiple layers of obfuscation. Once a malicious mod or cheat has been downloaded and installed on a target machine, a dropper injects code into a new process to circumvent basic antivirus tools and detection algorithms. The malware is then able to execute. Samples tracked so far include the deployment of XtremeRAT, an information stealer that has been associated with spam campaigns and the deployment of Zeus variants.
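The dropper behaviour described above (a downloaded mod or cheat binary starting a new process and injecting code into it) leaves a recognisable trace in endpoint telemetry. The following is an added detection example written for this report; it is not code from the ZDNet article or from the researchers it cites. It assumes Sysmon-style process-creation (event ID 1) and CreateRemoteThread (event ID 8) records, a constructed pipe-separated log format, and a constructed list of "untrusted" download and temp directories; every path, PID and file name in the sample log is made up.

```python
# Added, constructed example: flag the "spawn a new process, then inject into it"
# pattern described above. Log format, paths, PIDs and file names are invented;
# the Sysmon event IDs (1 = ProcessCreate, 8 = CreateRemoteThread) are the real ones.
from dataclasses import dataclass
from typing import Iterable, List, Tuple

EV_PROCESS_CREATE = 1        # Sysmon event ID 1
EV_CREATE_REMOTE_THREAD = 8  # Sysmon event ID 8

# Directories a user-downloaded cheat/mod binary typically runs from (assumption).
UNTRUSTED_DIRS = ("\\downloads\\", "\\temp\\")


@dataclass(frozen=True)
class Event:
    event_id: int
    source_pid: int
    source_image: str  # parent process (ID 1) or injecting process (ID 8)
    target_pid: int
    target_image: str  # child process (ID 1) or injected-into process (ID 8)


# Constructed records: event_id|source_pid|source_image|target_pid|target_image
# Lines 1-2: downloaded binary spawns notepad.exe, then injects into it (the dropper pattern).
# Lines 3-4: a launcher in Program Files doing the same to its own game (benign, not flagged).
# Line 5:   downloaded binary injects into a process it did not spawn (lower confidence).
SAMPLE_LOG = r"""
1|4120|C:\Users\alice\Downloads\aimbot_installer.exe|5210|C:\Windows\System32\notepad.exe
8|4120|C:\Users\alice\Downloads\aimbot_installer.exe|5210|C:\Windows\System32\notepad.exe
1|800|C:\Program Files\Steam\steam.exe|900|C:\Program Files\Steam\steamapps\common\game\game.exe
8|800|C:\Program Files\Steam\steam.exe|900|C:\Program Files\Steam\steamapps\common\game\game.exe
8|4120|C:\Users\alice\Downloads\aimbot_installer.exe|1234|C:\Windows\explorer.exe
"""


def parse_events(text: str) -> List[Event]:
    """Parse the constructed pipe-separated log into Event records, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        eid, spid, simg, tpid, timg = line.split("|")
        events.append(Event(int(eid), int(spid), simg, int(tpid), timg))
    return events


def from_untrusted_dir(path: str) -> bool:
    """True if the image path lies under one of the assumed untrusted directories."""
    p = path.lower()
    return any(d in p for d in UNTRUSTED_DIRS)


def find_injection(events: Iterable[Event]) -> List[Tuple[str, str, str]]:
    """Return (severity, injector_image, target_image) findings.

    'high'   : an untrusted-directory binary created a process and then created a
               remote thread in that same process (the dropper pattern above).
    'medium' : an untrusted-directory binary created a remote thread in a process
               it did not spawn.
    Remote threads from binaries outside the untrusted directories are ignored, which
    is what keeps the legitimate launcher in the sample quiet.
    """
    spawned = set()  # (parent_pid, child_pid) pairs seen in ProcessCreate events
    findings = []
    for ev in events:
        if ev.event_id == EV_PROCESS_CREATE:
            spawned.add((ev.source_pid, ev.target_pid))
        elif ev.event_id == EV_CREATE_REMOTE_THREAD and from_untrusted_dir(ev.source_image):
            severity = "high" if (ev.source_pid, ev.target_pid) in spawned else "medium"
            findings.append((severity, ev.source_image, ev.target_image))
    return findings


if __name__ == "__main__":
    for severity, injector, target in find_injection(parse_events(SAMPLE_LOG)):
        print(f"[{severity}] {injector} -> {target}")
```

Run as-is it reports the two findings from the sample log and stays silent on the launcher in Program Files. In a real deployment the untrusted-directory list and the "launcher injects into its own game" allowance are the two knobs that decide the false-positive rate; game overlays and anti-cheat drivers legitimately create remote threads, so the path-based filter is doing the real work here.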

“As workers continue to operate remotely during the COVID-19 pandemic and mix work with their private computer usage, enterprises are even more likely to be attacked by compromised personal PC equipment belonging to their employees,” the researchers say. “Employees will sometimes download modding tools or cheat engines from questionable sources to tweak their PC or games running on the same machine they use for their job.”

What to do?

Include the threat of online gaming in your cybersecurity training, especially for your off-site workforce.

Ensure your anti-virus and anti-malware software is operational and current.

What can you do when this happens to you?

If you find your network has been compromised, immediately shut down and find the source of the breach.

Take steps to mitigate any virus or malware.

If data has been compromised and/or exfiltrated, notify all interested parties.

Rebuild the network from a known clean backup.


Gaming mods, cheat engines are spreading Trojan malware and planting backdoors | ZDNet

Charlie Osborne for Zero Day | March 31, 2021