Malware is being hidden in seemingly legitimate files that gamers download to install cheat codes or modifications, says Cisco Talos.
Cybercriminals have launched a new malware attack aimed at video game players.
SEE: Hiring Kit: Game Developer (TechRepublic Premium)
In a report published Wednesday, security firm Cisco Talos said it discovered a campaign in which attackers are concealing malware inside otherwise legitimate files. These files are ones typically downloaded by gamers and modders (people who like to modify hardware and software) to install cheat codes or make modifications for games.
This campaign uses a cryptor, a tool designed to conceal malicious code so it can’t easily be detected by security products. The cryptor employs Visual Basic 6 as well as shellcode and process injection techniques to disguise the malicious content. As such, security analysts not familiar with VB could face challenges trying to dissect these files.
Cisco Talos called this type of attack a return to a classic virus campaign. Many gamers like to grab cheat codes and modifications to enhance or change their gameplay. As such, the attackers are using gaming and OS modding tools to hide and deploy malware to infest their victims. Cisco Talos said it’s found several small tools that look like game patches, tweaks or mods but have been backdoored with malware hidden by the cryptor.
Such attacks don’t necessarily require advanced skills or knowledge on the part of the cybercriminal. The internet is host to plenty of documentation on obfuscation techniques. Cryptors are easy and cheap to access. Plus, the VB-based cryptor used in this campaign was complex enough to easily conceal its payload against traditional anti-malware tools.
This tactic is especially nasty as people continue to work from home where they use both personal and business devices. Employees can easily download modding tools and cheat engines from dubious sources to tweak their PC or their games. Problems arise if people do this on the same machine they use for work, posing a risk to corporate networks.
Organizations and employees need to exercise extra caution with a remote work environment, especially when using the same machine for personal and business tasks.
First, realize how dangerous it is to install random software from questionable sources, especially when connected to a company network. Second, organizations should ensure that their workers can download software only from trusted sources. Third, organizations must have a multilayered security architecture to detect these kinds of attacks. Cybercriminals may be able to bypass one or two security measures but will face challenges trying to bypass all of them.