​Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.

  • Eibriel
    link
    fedilink
    53 days ago

    @BrikoX Godot was not abused. What I understand:

    What actually happened: Bad actors realized that they could use Godot to code Malware that is not detected by antivirus software. They create open source tools on Github (Cracks, Twitch manager for example, and 188 others), but that tool is a Malware coded in Godot that downloads and runs additional malicious software.

    What could happen, but probably didn’t: Bad actors could change the data of a Godot game, turning it into malware.

  • @Tyfud
    link
    English
    5
    edit-2
    3 days ago

    This is a non issue. It’s like saying hackers used a programming language to write malicious code.

    Of course they did. How else would they do it?

    They’re just using the Godot engine (C#) to do it instead of the python interpreter.

    Edit: The people downvoting appear to not understand how this works.

    They wrote a module and made it available through the Gadot GodLoader “marketplace” for people to download. You could do the same thing with Unity3D, or UnrealEngine, or the Android store, or the Apple Store. The difference is those have safeguards from paid people and systems to verify the authenticity and maliciousness of the tools/code that are submitted. Gadot/Godloader lacks these controls in their system.

    The only thing it’s really doing it running arbitrary code. Arbitrary code the user would have to in some way allow it to run by installing an unknown/unverified script.

    Similar to something like the Greasemonkey extension for FF/Chrome.

    When you use modules and tools like this you are taking a risk that you are able to self-monitor, otherwise only run scripts/download modules from trusted sources.

    There’s nothing specific about Gadot’s system here, this is like clickbait.

  • @Kelly
    link
    English
    33 days ago

    The Stargazers Ghost Network uses over 3,000 GitHub “ghost” accounts to create networks of hundreds of repositories that can be used to deliver malware (mainly information stealers like RedLine, Lumma Stealer, Rhadamanthys, RisePro, and Atlantida Stealer) and star, fork, and subscribe to these malicious repos to push them to GitHub’s trending section and increase their apparent legitimacy.