"Gaming Mods, Cheat Engines Are Spreading Trojan Malware and Planting Backdoors"
New research from the security firm Cisco Talos sheds light on a malware campaign targeting the systems of gamers and modders. The campaign involves malvertising and game modding-focused YouTube videos that lead users to malicious websites or downloads. According to researchers, the cybercriminals behind this campaign are using gaming tools to deploy a cryptor for various malware strains, most of which have been discovered to be Remote Access Trojans (RATs). A cryptor is a tool designed to prevent the reverse-engineering or analysis of malware. The researchers have found cheats, cheat engines, and mods that contain cryptors capable of hiding RAT code and backdoors through many layers of obfuscation. When a user downloads and installs a malicious mod or cheat on their machine, a dropper injects code to evade detection tools. From there, malware can be executed. Samples that have been tracked so far include an information stealer called XtremeRAT. This article continues to discuss the tactics and tools used in the new malware campaign targeting video gamers and modders, as well as how this attack wave can affect enterprises.
ZDNet reports: "Gaming Mods, Cheat Engines Are Spreading Trojan Malware and Planting Backdoors"