Hackers Exploit Game Engine To Spread Cross-Platform Malware

Hackers exploit the Godot Engine to spread undetected malware, targeting devices across platforms via GitHub’s Stargazers Ghost Network.

Cybersecurity researchers at Check Point have discovered a new technique that exploits the Godot Engine, an open-source tool used for creating video games, to deliver malware.

This method uses Godot’s scripting language, GDScript, to execute harmful commands, allowing attackers to infect devices while remaining undetected by most antivirus software.

Godot is a popular game development platform known for its flexibility and ability to various operating systems, including Windows, macOS, Linux, Android, and iOS.

Its open-source nature has made it a favorite among developers. Unfortunately, its flexibility has also made it a target for cybercriminals.

The newly identified malware, called “GodLoader,” takes advantage of the Godot Engine’s features to install malicious software on victims’ devices. The malware is distributed through a network operating on GitHub, known as the Stargazers Ghost Network.

This network disguises malicious files as legitimate software and shares them via repositories that appear trustworthy. Between September and October 2024, around 200 GitHub repositories were used to distribute GodLoader, tricking s into ing infected files.

This technique is particularly concerning because it targets multiple platforms. The Godot Engine’s cross-platform design enables attackers to spread malware across various devices, including Windows PCs, Mac computers, and Linux systems.

Android devices are also at risk, with slight adjustments to the malware’s structure. While iOS devices are less vulnerable due to strict security protocols, the threat still looms large for a broad range of s.

The scale of this attack is significant. Over 1.2 million players could be targeted if cybercriminals successfully compromise games developed with the Godot Engine.

Attackers could exploit able game content, such as mods, to deliver malicious payloads. Once the files are executed, they could steal sensitive information, install additional malware, or even disrupt systems.

Despite the severity of the threat, most antivirus programs fail to detect this type of malware. By embedding harmful scripts within legitimate-looking files, attackers by standard security measures, spreading malware undetected.

Gamers and developers are advised to exercise caution, avoid ing files from unofficial sources, and ensure that their antivirus software is up to date. This discovery highlights the growing sophistication of cyberattacks and the importance of vigilance in an increasingly interconnected digital environment.