CyberSecurityBoard
Sponsor Register Login

Threat Actors Trojanize Popular Versions of Games To Infect Systems Bypassing Evasion Techniques

By exploiting user trust in popular games and employing advanced evasion techniques, threat actors have demonstrated their ability to infiltrate systems undetected while maximizing financial gain through cryptomining. In a sophisticated cyberattack campaign dubbed “StaryDobry,” threat actors have exploited popular games to distribute malicious software, targeting users worldwide. The campaign, first detected on December 31, 2024, leveraged trojanized versions of games such as BeamNG.drive, Garry’s Mod, and Dyson Sphere Program, distributed via torrent sites. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. These repackaged games contained a hidden payload designed to bypass detection and install a cryptominer on victims’ systems. These checks scan for sandbox environments or debugging tools like taskmgr.exe and procmon.exe. If detected, the malware halts execution. The final payload, MTX64.exe, is decrypted using AES-128 and disguised as legitimate Windows DLL files by spoofing resource properties such as CompanyName and FileVersion. Upon execution, the installer decrypts and extracts malicious files using the AES algorithm with a hard-coded key. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. The attackers capitalized on the holiday season’s surge in torrent activity, uploading these malicious game installers as early as September 2024. The malware’s primary goal was to deploy the XMRig cryptominer, exploiting the high-performance hardware of gaming systems to mine cryptocurrency. Key components include the unrar.dll dropper, which decrypts and executes additional payloads while evading detection by performing anti-debugging checks. The malware collects system fingerprints by retrieving parameters such as MachineGUID, memory size, processor count, and GPU details. It avoids execution on systems with fewer than eight CPU cores, ensuring optimal mining performance. While the security analysts at Securelist identified that the victims were primarily located in Russia, Brazil, Germany, Belarus, and Kazakhstan. Unlike typical mining campaigns that use public pools, this operation hosted its own mining infrastructure to evade detection.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 18 Feb 2025 21:15:15 +0000


Cyber News related to Threat Actors Trojanize Popular Versions of Games To Infect Systems Bypassing Evasion Techniques

5 Valuable Skills Kids Can Gain by Playing Video Games - Video games come in all shapes and sizes and can be very educational for children of all ages. Video games can provide children with valuable skills that can help them in their everyday lives. From problem-solving abilities to self-control, learning ...
2 years ago Welivesecurity.com
Staying ahead of threat actors in the age of AI - At the same time, it is also important for us to understand how AI can be potentially misused in the hands of threat actors. In collaboration with OpenAI, today we are publishing research on emerging threats in the age of AI, focusing on identified ...
1 year ago Microsoft.com
Threat Actors Trojanize Popular Versions of Games To Infect Systems Bypassing Evasion Techniques - By exploiting user trust in popular games and employing advanced evasion techniques, threat actors have demonstrated their ability to infiltrate systems undetected while maximizing financial gain through cryptomining. In a sophisticated cyberattack ...
2 days ago Cybersecuritynews.com
Here's How to Make Your Gaming Experience Safer - Over 1 billion people worldwide regularly play online games. The emergence of high-quality games, multiple gaming mediums, and online communities has prompted gamers to overlook the dark side of online gaming. If you play games online on your ...
1 year ago Cybersecurity-insiders.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com
Operation Morpheus took down 593 Cobalt Strike servers used by threat actors - Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Experts released PoC exploit code for a critical bug in Progress Telerik Report Servers. Threat actors may have exploited a zero-day in older iPhones, Apple warns. Nation-state ...
7 months ago Securityaffairs.com
Secure email gateways struggle to keep pace with sophisticated phishing campaigns - In 2023, malicious email threats bypassing secure email gateways increased by more than 100%, according to Cofense. In just two years, Cofense identified over 1.5 million malicious emails bypassing their customers' SEGs, signaling a 37% increase in ...
11 months ago Helpnetsecurity.com
What Is Cyber Threat Hunting? - Cyber threat hunting involves proactively searching for threats on an organization's network that are unknown to traditional cybersecurity solutions. A recent report from Armis found that cyber attack attempts increased by 104% in 2023, underscoring ...
1 year ago Techrepublic.com
Riot Games Receives a 10 Million Dollar Ransom Demand - What Happened and How Can You Protect Your Organization? - Riot Games, the developer behind the popular video games League of Legends and Valorant, recently received a 10 million dollar ransom demand. This demand has the potential to cause chaos across the gaming world and can put any organization at risk if ...
2 years ago Heimdalsecurity.com
Companies Must Strengthen Cyber Defense in Face of Shifting Threat Actor Strategies - Critical for organizations to understand attackers' tactics, techniques, and procedures. The 2023 mid-year cyber threat report card portends an ominous outlook with staggering data including the fact that 332 million cryptojacking attacks were ...
1 year ago Cyberdefensemagazine.com
Threat actors misuse OAuth applications to automate financially driven attacks - Threat actors are misusing OAuth applications as an automation tool in financially motivated attacks. Threat actors compromise user accounts to create, modify, and grant high privileges to OAuth applications that they can misuse to hide malicious ...
1 year ago Microsoft.com
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
8 months ago Microsoft.com
Insomniac hack files leak news on Wolverine, Spider-Man 3, and more - Oli Welsh is senior editor, U.K., providing news, analysis, and criticism of film, TV, and games. He has been covering the business & culture of video games for two decades. The ransomware group that hacked Spider-Man 2 developer Insomniac Games on ...
1 year ago Polygon.com
How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
9 months ago Cybersecuritynews.com
What Is Threat Modeling? - Threat modeling emerges as a pivotal process in this landscape, offering a structured approach to identify, assess, and address potential security threats. Threat Modeling Adoption and Implementation The successful adoption of threat modeling within ...
1 year ago Feeds.dzone.com
Fragging: The Subscription Model Comes for Gamers - The video game industry is undergoing the same concerning changes we've seen before with film and TV, and it underscores the need for meaningful digital ownership. Twenty years ago you owned DVDs. Ten years ago you probably had a Netflix subscription ...
1 year ago Eff.org
Top 7 Cyber Threat Hunting Tools for 2024 - Cyber threat hunting is a proactive security measure taken to detect and neutralize potential threats on a network before they cause significant damage. To seek out this type of threat, security professionals use cyber threat-hunting tools. With ...
1 year ago Techrepublic.com
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
1 year ago Cyberdefensemagazine.com
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities - SUMMARY. The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, National Security Agency, Environmental Protection Agency, and the Israel National Cyber Directorate-hereafter referred to as "The authoring agencies"-are ...
1 year ago Cisa.gov
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours - In late December 2022, we observed threat actors exploiting a publicly exposed Remote Desktop Protocol host, leading to data exfiltration and the deployment of Trigona ransomware. On Christmas Eve, within just three hours of gaining initial access, ...
1 year ago Thedfirreport.com
Cryptominer hidden in pirated games lands mostly on Russian computers | The Record from Recorded Future News - Earlier in September, researchers from Russian cybersecurity firm F.A.C.C.T. discovered a campaign where hackers attempted to deliver XMRig to workers at Russian tech companies, retail marketplaces, insurance firms, and financial businesses through ...
20 hours ago Therecord.media
Riot Games Refuses to Give in to Hackers' Ransom Demand - Gaming giant Riot Games recently experienced what it calls a “security incident” in which hackers demanded a ransom in exchange for the release of its data. Riot refused to pay and took measures to protect its employees and customers. The company ...
2 years ago Bleepingcomputer.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
1 year ago Securityintelligence.com
Riot Games Hacked: What You Need to Know - Riot Games, the company responsible for the popular video game League of Legends, has been hacked. This attack is the latest example of cyber-crime hitting the gaming industry, putting user data and information at risk. In this article, we’ll ...
2 years ago Securityaffairs.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
7 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)