A sophisticated malware campaign has been discovered targeting the Godot Engine, an open-source game development platform, affecting more than 17,000 systems since June 2024. The attack, named “GodLoader,” exploits legitimate features of the engine to deliver malicious payloads while successfully evading most antivirus detection systems.
The distribution network, known as “Stargazers Ghost Network,” operates through approximately 200 GitHub repositories and 225 fake accounts. The campaign primarily targets developers, gamers, and general users, using Godot Engine’s .PCK files to deploy loader malware, which subsequently delivers RedLine Stealer and the XMRig cryptocurrency miner as secondary payloads.
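Because the loader arrives inside .PCK files, a first triage step on a download or build directory is to inventory every file that carries Godot pack content, whatever its extension. The sketch below is an added example, not code from the original report or from the Godot project. It assumes the pack header starts with the magic bytes `GDPC` followed by four little-endian 32-bit fields (pack format, engine major, minor, patch) and that a pack appended to an executable ends with the same magic; `inspect_file`, `scan_tree` and `demo` are hypothetical names, and the sample files are constructed.

```python
import os
import struct
import tempfile

PCK_MAGIC = b"GDPC"                # leading bytes of a Godot pack
HEADER = struct.Struct("<4sIIII")  # magic, pack format, engine major/minor/patch
# Constructed sample files (header-shaped bytes only, not real packs).
SAMPLES = {"game.pck": HEADER.pack(PCK_MAGIC, 2, 4, 3, 0) + bytes(64),
           "readme.dat": HEADER.pack(PCK_MAGIC, 1, 3, 5, 2) + bytes(64),
           "tool.exe": b"MZ" + bytes(64) + PCK_MAGIC,
           "notes.txt": b"plain text"}

def inspect_file(path):
    """Describe Godot pack content found in path, or return None."""
    with open(path, "rb") as fh:
        head = fh.read(HEADER.size)
        if len(head) == HEADER.size and head.startswith(PCK_MAGIC):
            _, fmt, major, minor, patch = HEADER.unpack(head)
            return {"kind": "standalone", "pack_format": fmt,
                    "engine": f"{major}.{minor}.{patch}"}
        # Assumption: a pack appended to an executable ends with the magic.
        if fh.seek(0, os.SEEK_END) > HEADER.size:
            fh.seek(-4, os.SEEK_END)
            if fh.read(4) == PCK_MAGIC:
                return {"kind": "embedded", "pack_format": None, "engine": None}
    return None

def scan_tree(root):
    """Walk root and list every file that carries pack content."""
    hits = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            info = inspect_file(path)
            if info:
                info["path"] = os.path.relpath(path, root)
                info["renamed"] = (info["kind"] == "standalone"  # pack bytes, other extension
                                   and not name.lower().endswith(".pck"))
                hits.append(info)
    return sorted(hits, key=lambda h: h["path"])

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in SAMPLES.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return scan_tree(tmp)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit only says that a file contains pack content and which engine version it claims; whether that content is trustworthy still depends on where the file came from.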
Technical analysis reveals the malware’s ability to bypass sandbox analysis and modify Microsoft Defender exclusions. While currently focused on Windows systems, the attack vector can potentially extend to macOS and Linux platforms, affecting an estimated 1.2 million users of Godot-developed games.
Security experts recommend:
– Downloading software exclusively from verified sources
– Implementing asymmetric-key encryption
– Maintaining up-to-date security solutions
– Being cautious with game development tools
This campaign demonstrates the increasing sophistication of cyber threats targeting the gaming industry and emphasizes the need for enhanced security measures within gaming platforms.