{
  "name": "Gaming Engines: An Undetected Playground for Malware Loaders",
  "slug": "gaming-engines-an-undetected-playground-for-malware-loaders",
  "description": "Check Point Research uncovered a new technique that exploits the Godot Engine to execute malicious GDScript code while remaining undetected by most antivirus tools. The technique has been used since June 2024, potentially infecting over 17,000 machines. A loader called GodLoader employs this method and is distributed via the Stargazers Ghost Network on GitHub. The technique allows cross-platform targeting of Windows, macOS, Linux, Android, and iOS devices. Researchers demonstrated successful payload drops on Linux and macOS. This approach could target over 1.2 million users of Godot-developed games through malicious mods or downloadable content.",
  "published": "2024-11-27T14:11:32+00:00",
  "created_at": "2024-11-27T14:11:32+00:00",
  "modified_at": "2024-11-29T10:03:57+00:00",
  "created_at_opencti": "2024-11-27T14:11:32+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-11-27",
    "cross-platform",
    "gaming",
    "gdscript",
    "godloader",
    "godot engine",
    "malware loader",
    "redline",
    "stargazers ghost network",
    "undetected technique",
    "xmrig"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:52351d8a6ae7b55f",
        "name": "GodLoader",
        "slug": "godloader"
      },
      {
        "id": "legacy:malware:25878cbc384641c1",
        "name": "RedLine",
        "slug": "redline"
      },
      {
        "id": "legacy:malware:83adebc6ef4eb478",
        "name": "XMRig",
        "slug": "xmrig"
      }
    ],
    "attack_patterns": [
      {
        "id": "a72ebeae-8e62-4039-8135-e9c611011fdc",
        "name": "T1573"
      },
      {
        "id": "926a888c-190c-4efb-ab6b-f9d7e6a0fc54",
        "name": "T1547"
      },
      {
        "id": "2c3d4267-2bae-41ae-8486-5876953a1748",
        "name": "T1129"
      },
      {
        "id": "60972cf6-e90b-4600-af3c-13c468391d9c",
        "name": "T1106"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e",
        "name": "T1071"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "7d7ac733-6442-416f-8669-c302dd0843b9",
        "name": "T1036"
      },
      {
        "id": "50514c04-b3a2-4abf-a855-e3a434200c87",
        "name": "T1204"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "6aa7866f-9c1f-4159-938a-10a6adf41646",
        "name": "T1553"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground-for-malware-loaders/",
    "https://otx.alienvault.com/pulse/674736a47af4929a39b28fb6"
  ]
}