- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
cross-posted from: https://lemmy.zip/post/27055106
Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.
I think its malicious to even mention Godot in a headline with this weak context. It will confuse and scare people into thinking godot is unsafe. Some stupid people downloading and executing code from a malicious source is not noteworthy enough to justify a headline like this. It almost sounds like godot has a RCE from how clickbaity this headline is written.
This is probably the larger story from the OP link:
Edit: a bit more info:
https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground-for-malware-loaders/
My take is that Godot has never claimed to be sandboxed, as long as OS.execute() is enabled by default then running arbitrary code in the user context is trivial. The solution of course is to only run code that you trust.
Yeah that is more headline worthy indeed.