Researchers from ESET have found a new modular backdoor used by the Winnti Group to target several video game companies that develop MMO (massively multiplayer online) games.
As described in a blog post, the malware, dubbed ‘PipeMon’ by ESET, targeted companies in South Korea and Taiwan. The video games developed by these companies are distributed worldwide, are available on popular gaming platforms and have thousands of simultaneous players.
According to the researchers, the new modular backdoor is signed with a code-signing certificate likely stolen during a previous campaign and shares similarities with the PortReuse backdoor.
In at least one case, the attackers compromised a company’s build orchestration server, allowing them to take control of the victim’s automated build systems. This could have allowed the attackers to Trojanize video game executables, although there is no current evidence that this has happened. In another case, attackers compromised a company’s game servers. With this access, it would be possible to manipulate in-game currencies for financial gain, ESET explained.
“A number of indicators led us to attribute this campaign to the Winnti Group. Some of the command and control domains used by PipeMon were used by Winnti malware in previous campaigns,” said Mathieu Tartare, malware researcher at ESET. “Moreover, in 2019, other Winnti malware was found at several of the same companies that were later discovered to be compromised with PipeMon in 2020.”