- Jul 22, 2014
- 2,525
The malware hides in the legitimate game downloads, signed with a real certificate; connections to ShadowHammer have been found.
The efforts of the APT behind the ShadowHammer supply-chain attack that abused the ASUS computer update function turns out to be wider in scope than previously thought. Researchers have found similar digitally-signed binaries using the videogame industry as a delivery conduit. Victims include fans of the popular first-person shooter game, Point Blank.
Researchers at Kaspersky Lab and ESET have spotted downloads of the affected games that have had backdoors inserted into them. They’re also signed with legitimate digital certificates that adversaries have managed to abuse, which allows the files to skate past antivirus and onto the desktop. So, gaming aficionados that think they’re downloading a cool first-person shooter could instead find themselves as the quarry in a different kind of attack.
This is the same modus operandi seen in Operation ShadowHammer, where more than a million ASUS computer owners worldwide were infected by a backdoor that was delivered inside the legitimate ASUS Live Update Utility (an issue that is now fixed).
ESET, which did a cursory overview of the gaming attacks in March (without naming the affected games), noted that its telemetry shows victims are mostly located in Asia, with Thailand having the largest part of the pie.
...
...
The efforts of the APT behind the ShadowHammer supply-chain attack that abused the ASUS computer update function turns out to be wider in scope than previously thought. Researchers have found similar digitally-signed binaries using the videogame industry as a delivery conduit. Victims include fans of the popular first-person shooter game, Point Blank.
Researchers at Kaspersky Lab and ESET have spotted downloads of the affected games that have had backdoors inserted into them. They’re also signed with legitimate digital certificates that adversaries have managed to abuse, which allows the files to skate past antivirus and onto the desktop. So, gaming aficionados that think they’re downloading a cool first-person shooter could instead find themselves as the quarry in a different kind of attack.
This is the same modus operandi seen in Operation ShadowHammer, where more than a million ASUS computer owners worldwide were infected by a backdoor that was delivered inside the legitimate ASUS Live Update Utility (an issue that is now fixed).
ESET, which did a cursory overview of the gaming attacks in March (without naming the affected games), noted that its telemetry shows victims are mostly located in Asia, with Thailand having the largest part of the pie.
...
...