Security Articles

How adversaries are using backdoored video game cheat engines and modding tools

released on 2021-03-31 @ 11:25:06 PM
Cisco Talos recently discovered a new campaign targeting video game players and other PC modders. Talos has detected a new cryptor used in several different malware campaigns, hidden in seemingly legitimate files that users would usually download to install cheat codes into video games or other visual and game modifications (aka "mods"). The cryptor uses Visual Basic 6 along with shellcode and process injection techniques. Talos provides a full analysis of the VB6 header of one of the samples used in these campaigns, along with a detailed walkthrough for security analysts.