Hackers Infect Multiple Game Developers With Advanced Malware
upstart writes in with an IRC submission:
Hackers infect multiple game developers with advanced malware:
One of the world's most prolific hacking groups recently infected several Massively Multiplayer Online game makers, a feat that made it possible for the attackers to push malware-tainted apps to one target's users and to steal in-game currencies of a second victim's players.
Researchers from Slovakian security company ESET have tied the attacks to Winnti, a group that has been active since at least 2009 and is believed to have carried out hundreds of mostly advanced attacks.
[...] The recent attack used a never-before-seen backdoor that ESET has dubbed PipeMon. To evade security defenses, PipeMon installers bore the imprimatur of a legitimate Windows signing certificate that was stolen from Nfinity Games during a 2018 hack of that gaming developer. The backdoor, which gets its name from the multiple pipes used for one module to communicate with another and from the project name of the Microsoft Visual Studio used by the developers, used the location of Windows print processors so it could survive reboots. Nfinity representatives weren't immediately available to comment.
In a post published early Thursday morning, ESET revealed little about the infected companies except to say they included several South Korea- and Taiwan-based developers of MMO games that are available on popular gaming platforms and have thousands of simultaneous players.
[...] Windows requires certificate signing before software drivers can access the kernel, which is the most security-critical part of any operating system. The certificates, which must be obtained from Windows-trusted authorities after purchasers prove they are providers of legitimate software, can also help to bypass antivirus and other end-point protections. As a result, certificates are frequent plunder in breaches.
Read more of this story at SoylentNews.
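The two techniques the excerpt mentions, persistence through the Windows print processor directory and a validly signed payload, can both be checked for from the defender's side. The following PowerShell script is an added example written for this page; it is not code from ESET's report, from the Ars Technica article, or from the PipeMon samples. It assumes an elevated shell on 64-bit Windows, the documented registry location for print processors (HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\<environment>\Print Processors\<name>, whose Driver value names a DLL loaded from %SystemRoot%\System32\spool\prtprocs\<arch>), and that the only print processor present on a clean host is Microsoft's winprint (winprint.dll). Any other registered entry is flagged for review regardless of its signature, because, as the article points out, a stolen certificate produces a signature that validates.

```powershell
# Added example (not from ESET or the article): enumerate registered Windows print
# processors and check the Authenticode signature of each DLL the spooler would load.
# Assumptions: run as Administrator on 64-bit Windows; 'winprint' is the only
# print processor expected on a clean machine.

$baseKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Environments'

# Print processor DLL directories per spooler environment (GetPrintProcessorDirectory equivalents)
$prtProcDirs = @{
    'Windows x64'    = Join-Path $env:SystemRoot 'System32\spool\prtprocs\x64'
    'Windows NT x86' = Join-Path $env:SystemRoot 'System32\spool\prtprocs\w32x86'
}

$findings = foreach ($envName in $prtProcDirs.Keys) {
    $ppKey = Join-Path $baseKey "$envName\Print Processors"
    if (-not (Test-Path $ppKey)) { continue }

    foreach ($entry in Get-ChildItem -Path $ppKey) {
        # The 'Driver' value is the DLL file name the spooler loads at service start
        $driver  = (Get-ItemProperty -Path $entry.PSPath -Name Driver -ErrorAction SilentlyContinue).Driver
        $dllPath = if ($driver) { Join-Path $prtProcDirs[$envName] $driver } else { $null }
        $exists  = [bool]($dllPath -and (Test-Path $dllPath))
        $sig     = if ($exists) { Get-AuthenticodeSignature -FilePath $dllPath } else { $null }
        $signer  = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'n/a' }

        [pscustomobject]@{
            Environment = $envName
            Name        = $entry.PSChildName
            Driver      = $driver
            Path        = $dllPath
            Exists      = $exists
            SigStatus   = if ($sig) { $sig.Status } else { 'n/a' }
            Signer      = $signer
            # Flag anything that is not the stock winprint entry, is missing on disk,
            # fails signature validation, or is not signed by Microsoft. A 'Valid'
            # status alone is not evidence of benign code: a stolen certificate validates too.
            Suspicious  = ($entry.PSChildName -ne 'winprint') -or
                          (-not $exists) -or
                          ($sig.Status -ne 'Valid') -or
                          ($signer -notmatch 'Microsoft')
        }
    }
}

$findings | Format-Table -AutoSize

$findings | Where-Object { $_.Suspicious } | ForEach-Object {
    Write-Warning ("Review print processor '{0}' -> {1} (status={2}, signer={3})" -f `
        $_.Name, $_.Path, $_.SigStatus, $_.Signer)
}
```

On a stock host the output is a single winprint row with a Microsoft signer; winprint.dll is usually catalog-signed, which Get-AuthenticodeSignature resolves on current Windows builds. Treat every additional row as a lead to pull the DLL, check its hash against a known-good inventory, and examine the certificate chain, because a signature issued to a third-party software vendor, even one that validates, is exactly what a stolen code-signing certificate looks like. The same registry keys are also worth baselining and alerting on, since a new print processor is registered rarely enough that the write itself is a useful detection.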