Players deceived with Lua-based malware through fake cheating scripts

SeniorTechInfo

Gamers Beware: Lua-Based Malware Targeting Game Cheat Seekers

Are you an avid gamer looking for cheats to enhance your gameplay? Beware: a new Lua-based malware campaign is targeting users searching for game cheats and tricking them into downloading malicious payloads.

The malware, which establishes persistence on infected systems, is spreading globally and is particularly prevalent in North America, South America, Europe, Asia, and Australia. This alarming discovery was made by Morphisec researcher Shmuel Uzan, who noted that the malware abuses Lua gaming engine supplements that are popular among student gamers.

Initially documented by OALabs in March 2024, the malware lures users with fake websites that embed links to booby-trapped ZIP archives on various GitHub repositories, leveraging Lua scripts to execute malicious payloads.

McAfee Labs further revealed that threat actors are using legitimate Microsoft repositories to distribute RedLine information stealers using similar tactics. GitHub responded to these incidents by disabling user accounts and content that violated its policies.

Morphisec’s analysis uncovered a shift in the malware delivery mechanism, with obfuscated Lua scripts being used to avoid detection. However, the infection chain remains consistent, with users being lured into downloading malicious ZIP archives that contain harmful components.

The loader, a malicious Lua script, communicates with a command-and-control server to receive instructions, such as maintaining persistence, hiding processes, or downloading additional payloads like Redone Stealer or CypherIT Loader.

Infostealers, including RedLine, are gaining traction in the cybercriminal landscape, with harvested credentials being sold on the dark web for profit.

Recent Developments

Kaspersky recently reported a campaign targeting users seeking pirated software on Yandex, distributing the open-source cryptocurrency miner SilentCryptoMiner. This scheme has impacted users in several countries, including Russia, Belarus, India, and Germany.

The malware is also being spread through Telegram channels aimed at crypto investors and in YouTube videos related to cryptocurrency and gambling.

Further investigations by Russian cybersecurity firm Doctor Web confirmed the widespread distribution of SilentCryptoMiner and clipper malware through fake software and cheat downloads. The campaign has affected thousands of users and generated over $6,000 in cryptocurrency profits for the attackers.

Users are advised to exercise caution when downloading files from untrusted sources and to stay informed about the latest cybersecurity threats.
