Ep 32 Gamers and Modders are under attack
Tech Republic - Malicious attack now targeting video gamers and modders https://www.techrepublic.com/article/malicious-attack-now-targeting-video-gamers-and-modders/
Cisco Talos - Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools https://blog.talosintelligence.com/2021/03/cheating-cheater-how-adversaries-are.html
Hello and welcome back to USB our Guest Cyber Security tips. I’m Theo, here to help you demystify cyber security topics. Today’s episode is about cheaters or modders getting infected with RATs, or Remote Access Trojans. I’m sure you are thinking “good!” But… we don’t want anyone to get hacked… even cheaters. So, I just did an episode about RATs; I’ll put a link in the show notes, or scroll up or down to get to it. I also put 2 articles in the show notes about this. The first is a quick article from Tech Republic with a high-level overview of the newest plight of the innocent gamer just looking for an edge. The second is a deep dive from Cisco Talos into the RAT in question.
So first off, review time: what is a RAT? A Remote Access Trojan is a Trojan virus, or malware, disguised as something safe to download that also gives the attacker remote access to your device or computer.
Tech Republic reports that Cisco Talos has discovered a campaign where attackers are concealing malware inside legitimate files. These are files that a gamer or modder would download to install cheats or make modifications to their games.
What makes this attack interesting is that the attackers are using a cryptor, which is a tool used to conceal malicious code, making it difficult for security products to detect. The cryptor makes use of Visual Basic 6, shellcode and process injection techniques to disguise the malicious payload. Visual Basic adds another layer to the obfuscation process, making the analysis of these malicious files difficult and giving them a better chance to slip through the detection process. If these malicious files are slipping through detection, and antivirus programs are letting them be downloaded without warning, there is a higher likelihood that the aimbot you are downloading for Apex Legends could have a RAT hiding in it.
And as a cherry on top? These are just files, so the bad guys can easily download them from any Dark-Mart? website. That’s not a website… My point is that attackers don’t need to know how to make RATs, or malware, or anything malicious anymore. They can just buy and download it from their preferred malicious software vendor on the seediest corners of the web, like I buy pop-its for my kid on Amazon. Then they host the RAT on a website they make on Wix or WordPress, and title the download page “Best Aim-bot for Apex”.
I’m not saying that there are not cheats or mods that are safe for your computer; there are. I’m not going to provide links to them either. Cheating in a multiplayer game is wrong, and you have a good chance of being caught now. Long story short, downloading cheats is an easy way for malware to end up on your machine, and a RAT is one of the worst kinds. Stop cheating and take your negative K/D lumps like we all have.
That's all for today's episode. If you have a topic you would like me to cover, drop me a line at anchor.fm/usbog or email me at usbourguest@gmail.com. If I've helped you in any way, please consider telling friends or family about the podcast, or rate and review the podcast on whatever platform you use to listen. Thank you for listening and have a great day.