Winnti Group Targets Video Game Developers with New Backdoor Malware

Researchers from ESET have discovered a new modular backdoor used by the Winnti Group to target several video game companies that develop MMO (massively multiplayer online) games.

As explained in a blog post, the malware, dubbed ‘PipeMon’ by ESET, targeted companies in South Korea and Taiwan. The video games developed by these companies are distributed all around the world, are available on popular gaming platforms and have thousands of simultaneous players.

According to researchers, the new modular backdoor is signed with a code-signing certificate likely stolen during a previous campaign and shares similarities with the PortReuse backdoor.

In at least one case, the attackers compromised a company’s build orchestration server, allowing them to take control of the victim’s automated build systems. This could have allowed the attackers to Trojanize video game executables, although there is currently no evidence that this has occurred. In another case, attackers compromised a company’s game servers. With this attack, it would be possible to manipulate in-game currencies for financial gain, ESET explained.

“Multiple indicators led us to attribute this campaign to the Winnti Group. Some of the command and control domains used by PipeMon were used by Winnti malware in previous campaigns,” said Mathieu Tartare, malware researcher at ESET. “Furthermore, in 2019, other Winnti malware was found at some of the same companies that were later discovered to be compromised with PipeMon in 2020.”
