Cisco Talos discovered a new campaign targeting mainly video game players. The attackers use a new cryptor across several malware campaigns. To evade detection, they hide the cryptor inside files that users download to install cheat codes or game modifications.
The new cryptor lands in the video game
To get past security controls, the cryptor layers several obfuscation techniques. As a result, security analysts cannot unpack it easily, especially if they are not familiar with Visual Basic (VB) 6.
VB is Microsoft's beginner-friendly programming language and development environment. Its graphical user interface (GUI) lets developers build applications largely by dragging and dropping objects, although they can also write program code.
To alter their games, users sometimes download cheats or modifications (mods). This is the opportunity the attackers found: they bundle hidden malware with these tools and infect their victims. According to the researchers, the patches and mods are obfuscated with the cryptor.
This is how the attackers trick users into executing malware droppers. As Cisco put it, this is “a return to form for classic virus campaigns”. The team also observed that gamers are usually familiar with the risk of malicious downloads when they modify their games.
How to keep it away?
Cisco offers some advice for keeping the threat away from enterprise networks. Defenders should prevent users from unknowingly executing malware, and, first of all, users should not install software from questionable sources.
Because most workers continue to work remotely during the COVID-19 pandemic, defenders should stay vigilant and monitor the systems in their networks. They should also be aware that the malware's infection techniques keep improving.
These attacks therefore put companies at risk through the behavior of their remote employees. Companies should raise their security level accordingly, since such campaigns will continue in the future.