Point Blank Gamers Targeted with Backdoor Malware

Solarquest

The malware hides in the legitimate game downloads, signed with a real certificate; connections to ShadowHammer have been found.

The efforts of the APT behind the ShadowHammer supply-chain attack that abused the ASUS computer update function turn out to be wider in scope than previously thought. Researchers have found similar digitally-signed binaries using the videogame industry as a delivery conduit. Victims include fans of the popular first-person shooter game, Point Blank.

Researchers at Kaspersky Lab and ESET have spotted downloads of the affected games that have had backdoors inserted into them. They’re also signed with legitimate digital certificates that adversaries have managed to abuse, which allows the files to skate past antivirus and onto the desktop. So, gaming aficionados that think they’re downloading a cool first-person shooter could instead find themselves as the quarry in a different kind of attack.

This is the same modus operandi seen in Operation ShadowHammer, where more than a million ASUS computer owners worldwide were infected by a backdoor that was delivered inside the legitimate ASUS Live Update Utility (an issue that is now fixed).

ESET, which did a cursory overview of the gaming attacks in March (without naming the affected games), noted that its telemetry shows victims are mostly located in Asia, with Thailand having the largest part of the pie.
...
 

upnorth

Game name please?
Point Blank, same as in the topic title.
Another victim is a zombie survival game called Infestation: Survivor Stories (a.k.a. The War Z), developed by Electronics Extreme, a gaming company from Thailand. After a 2013 compromise of its game servers, “the game source code was most probably stolen and released to the public,” researchers said. “It seems that certain videogame companies picked up this available code and started making their own versions of the game.” As did malware developers — so far, Kaspersky Lab researchers said that they have found at least three weaponized samples of Infestation signed by unrevoked, legitimate signatures belonging to Electronics Extreme. “We believe that a poorly maintained development environment, leaked source code, as well as vulnerable production servers were at the core of the bad luck chasing this videogame,” the researchers said.
 
