Hackers Disguise New JavaScript-Based Trojan as Game Cheat

silversurfer

Researchers discovered a new JavaScript-based and modular downloader Trojan camouflaged and distributed to targets in the form of game cheats via websites owned by its developers.

The malware was discovered by Yandex which subsequently sent it over to Doctor Web's research team for further analysis together with additional info on how the Trojan sample was distributed. The researchers were able to find that the Trojan — dubbed MonsterInstall — uses Node.js to execute itself on the victims' machines.

"When users attempt to download a cheat they download a password-protected 7zip archive to their computers. Inside there is an executable file; which upon launch, will download the requested cheats alongside other trojan’s components," says Doctor Web.
 

Dave Russo

Thanks for your post Silversurfer. Cheaters never prosper, and now they get hacked. Thanks, as the kids {family} are forever playing computer games here. Would Shadow Defender be a good idea, or can the damage be done before any restart? Also, any chance Dr Web is just using this as a promotion for their product?
 

silversurfer

Cheaters never prosper, and now they get hacked. Thanks, as the kids {family} are forever playing computer games here. Would Shadow Defender be a good idea, or can the damage be done before any restart?
Shadow Defender can't help much in this case, because the Trojan tries to download a cryptocurrency miner, as we can read in the quotes below:
The malicious xmrig.exe process expanded and loaded from the xmrig.dll will send architecture, CPU, and RAM information to its operators and it will get a response containing the miner configuration in the form of a JSON file.
After the cryptominer loads the mining config file received from the C&C server, it will automatically execute and start surreptitiously mining TurtleCoin cryptocurrency.


Also, any chance Dr Web is just using this as a promotion for their product?
Malware analysis/research is often done by other AV vendors like Kaspersky, ESET, Trend Micro and more, so probably this report by Dr.Web is mainly for information purposes!
 
