Staff member
Malware Hunter
The malware hides in the legitimate game downloads, signed with a real certificate; connections to ShadowHammer have been found.

The efforts of the APT behind the ShadowHammer supply-chain attack that abused the ASUS computer update function turns out to be wider in scope than previously thought. Researchers have found similar digitally-signed binaries using the videogame industry as a delivery conduit. Victims include fans of the popular first-person shooter game, Point Blank.

Researchers at Kaspersky Lab and ESET have spotted downloads of the affected games that have had backdoors inserted into them. They’re also signed with legitimate digital certificates that adversaries have managed to abuse, which allows the files to skate past antivirus and onto the desktop. So, gaming aficionados that think they’re downloading a cool first-person shooter could instead find themselves as the quarry in a different kind of attack.

This is the same modus operandi seen in Operation ShadowHammer, where more than a million ASUS computer owners worldwide were infected by a backdoor that was delivered inside the legitimate ASUS Live Update Utility (an issue that is now fixed).

ESET, which did a cursory overview of the gaming attacks in March (without naming the affected games), noted that its telemetry shows victims are mostly located in Asia, with Thailand having the largest part of the pie.


Level 37
Content Creator
Game name please?
Point Blank, same as in the topic title.
Another victim is a zombie survival game called Infestation: Survivor Stories (a.k.a The War Z), developed by Electronics Extreme, a gaming company from Thailand. After a 2013 compromise of its game servers, “the game source code was most probably stolen and released to the public,” researchers said. “It seems that certain videogame companies picked up this available code and started making their own versions of the game.” As did malware developers — so far, Kaspersky Lab researchers said that they have found at least three weaponized samples of Infestation signed by unrevoked, legitimate signatures belonging to Electronics Extreme. “We believe that a poorly maintained development environment, leaked source code, as well vulnerable production servers were at the core of the bad luck chasing this videogame,” the researchers said.