this post was submitted on 28 Nov 2024
17 points (84.0% liked)

Cybersecurity

5967 readers
348 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago
MODERATORS
 

​Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.

top 3 comments
sorted by: hot top controversial new old
[–] eibriel@sigmoid.social 6 points 1 month ago

@BrikoX Godot was not abused. What I understand:

What actually happened: Bad actors realized that they could use Godot to code Malware that is not detected by antivirus software. They create open source tools on Github (Cracks, Twitch manager for example, and 188 others), but that tool is a Malware coded in Godot that downloads and runs additional malicious software.

What could happen, but probably didn't: Bad actors could change the data of a Godot game, turning it into malware.

[–] Tyfud@lemmy.world 6 points 1 month ago* (last edited 1 month ago)

This is a non issue. It's like saying hackers used a programming language to write malicious code.

Of course they did. How else would they do it?

They're just using the Godot engine (C#) to do it instead of the python interpreter.

Edit: The people downvoting appear to not understand how this works.

They wrote a module and made it available through the Gadot GodLoader "marketplace" for people to download. You could do the same thing with Unity3D, or UnrealEngine, or the Android store, or the Apple Store. The difference is those have safeguards from paid people and systems to verify the authenticity and maliciousness of the tools/code that are submitted. Gadot/Godloader lacks these controls in their system.

The only thing it's really doing it running arbitrary code. Arbitrary code the user would have to in some way allow it to run by installing an unknown/unverified script.

Similar to something like the Greasemonkey extension for FF/Chrome.

When you use modules and tools like this you are taking a risk that you are able to self-monitor, otherwise only run scripts/download modules from trusted sources.

There's nothing specific about Gadot's system here, this is like clickbait.

[–] Kelly@lemmy.world 3 points 1 month ago

The Stargazers Ghost Network uses over 3,000 GitHub "ghost" accounts to create networks of hundreds of repositories that can be used to deliver malware (mainly information stealers like RedLine, Lumma Stealer, Rhadamanthys, RisePro, and Atlantida Stealer) and star, fork, and subscribe to these malicious repos to push them to GitHub's trending section and increase their apparent legitimacy.