The popular platform is being misused to spread malware

Virus descriptions, 28.11.2024, 14:30 PM

Godot Engine, a popular game development platform that allows users to design 2D and 3D games on various platforms, including Windows, macOS, Linux, Android, iOS, PlayStation, Xbox, Nintendo Switch and the web, is being abused to spread the GodLoader malware, which is has infected more than 17,000 systems since June of this year.

Cybercriminals use the Godot Engine to run GDScript code that delivers malware, he warned Check Pointpointing out that this attack is not detected by almost any VirusTotal antivirus.

Cross-platform support makes Godot Engine an attractive tool for cybercriminals who abuse it to infect devices at scale.

The attackers are using the Stargazers Ghost Network of around 200 GitHub repositories and more than 225 fake accounts, as a distribution vector for GodLoader.

The attacks, which were observed on September 12, September 14, September 29 and October 3, 2024, use Godot Engine executables, .PCK files, to infect devices with malware that in the final stage of the attack downloads other malware such as RedLine Stealer or XMRig.

The malware has features to bypass analysis in protected and virtual environments and add the entire C: drive to the Microsoft Defender Antivirus exception list to prevent detection.

Check Point points out that GodLoader is primarily aimed at Windows devices, but that it is not difficult to adapt the malware to infect macOS and Linux systems.

Photo: Philipp Katzenberger | Unsplash