Top game engine Godot hijacked to infect thousands of PCs with malware
- Security researchers at Check Point Research discover a new malware loader written in the Godot programming language
- Godot is a popular open source game development platform
- So far, at least 17,000 devices have been infected with infostealers and cryptojackers
Hackers are exploiting a popular gaming engine to infect people’s computers with malware used to steal private data and cryptocurrency.
Researchers at Check Point Research have detailed a previously unnoticed hacking technique that targets users of the Godot Gaming Engine, an open source game development platform used to build both 2D and 3D games for Windows, macOS, Linux, Android, iOS, HTML5 and others, with a community of more than 2,700 developers.
Check Point says that since late June 2024, criminals have built malicious code written in GDScript (Godot’s Python-like scripting language), relying on some 200 GitHub repositories and more than 220 Stargazer Ghost accounts, which have been hosting a piece of malware called GodLoader.
Infostealers and cryptojackers
In typical malware loader fashion, GodLoader dropped several types of malware on the infected devices, with researchers particularly noticing the RedLine stealer and XMRig, a popular cryptojacker.
RedLine is a notorious infostealer that can obtain passwords, crypto wallet details and other data stored in browsers, sensitive data, session cookies and more. XMRig turns the infected device into a cryptocurrency miner and generates tokens for the attacker (while rendering the computer useless for virtually everything else).
GodLoader, the researchers further explained, was downloaded at least 17,000 times, which is a rough estimate of the number of infected devices. However, the attack surface is much, much larger.
Check Point states that crooks could theoretically hide malware in cheats, cracks or mods for various Godot-built games. Looking at the number of popular games developed with Godot, the attack surface would be around 1.2 million people.
Since GodLoader has not yet been flagged by most antivirus programs, it is essential to remain vigilant and cautious when dealing with Godot-related content at this time.