Hackers are abusing a popular gaming engine to infect people’s computers with malware used to steal private data and cryptocurrency.
Researchers from Check Point Research have detailed a previously undetected hacking technique targeting users of the Godot Gaming Engine, an open source game development platform used to build both 2D and 3D games across Windows, macOS, Linux, Android, iOS, HTML5, and others, with a community of more than 2,700 developers.
Check Point says since late June 2024, crooks have been building malicious code written in GDScript (Godot’s Python-like scripting language) calling on some 200 GitHub repositories and more than 220 Stargazer Ghost accounts, which were hosting a piece of malware called GodLoader.
In typical malware loader fashion, GodLoader would drop different malware to the infected devices, with the researchers spotting mostly RedLine stealer, and XMRig, a popular cryptojacker.
RedLine is an infamous infostealer capable of grabbing passwords, crypto wallet details, and other data stored in browsers, sensitive data, session cookies, and more. XMRig turns the infected device into a cryptocurrency miner, generating tokens for the attacker (while rendering the computer useless for pretty much anything else).