Hackers Exploit Game Engine To Spread Cross-Platform Malware
Hackers exploit the Godot Engine to spread undetected malware, targeting devices across platforms via GitHub’s Stargazers Ghost Network.
In a Rush? Here are the Quick Facts!
- Stargazers Ghost Network distributes GodLoader via 200 GitHub repositories.
- The malware targets multiple platforms, including Windows, macOS, Linux, and Android.
- Over 1.2 million users of Godot-developed games are potential targets of this attack.
Cybersecurity researchers at Check Point have discovered a new technique that exploits the Godot Engine, an open-source tool used for creating video games, to deliver malware.
This method uses Godot’s scripting language, GDScript, to execute harmful commands, allowing attackers to infect devices while remaining undetected by most antivirus software.
Godot is a popular game development platform known for its flexibility and ability to support various operating systems, including Windows, macOS, Linux, Android, and iOS.
Its open-source nature has made it a favorite among developers. Unfortunately, its flexibility has also made it a target for cybercriminals.
The newly identified malware, called “GodLoader,” takes advantage of the Godot Engine’s features to install malicious software on victims’ devices. The malware is distributed through a network operating on GitHub, known as the Stargazers Ghost Network.
This network disguises malicious files as legitimate software and shares them via repositories that appear trustworthy. Between September and October 2024, around 200 GitHub repositories were used to distribute GodLoader, tricking users into downloading infected files.
This technique is particularly concerning because it targets multiple platforms. The Godot Engine’s cross-platform design enables attackers to spread malware across various devices, including Windows PCs, Mac computers, and Linux systems.
Android devices are also at risk if attackers make slight adjustments to the malware’s structure. While iOS devices are less vulnerable due to strict security protocols, the threat still looms large for a broad range of users.
The scale of this attack is significant. Over 1.2 million players could be targeted if cybercriminals successfully compromise games developed with the Godot Engine.
Attackers could exploit downloadable game content, such as mods, to deliver malicious payloads. Once the files are executed, they could steal sensitive information, install additional malware, or even disrupt systems.
Despite the severity of the threat, most antivirus programs fail to detect this type of malware. By embedding harmful scripts within legitimate-looking files, attackers bypass standard security measures, spreading malware undetected.
Gamers and developers are advised to exercise caution, avoid downloading files from unofficial sources, and ensure that their antivirus software is up to date. This discovery highlights the growing sophistication of cyberattacks and the importance of vigilance in an increasingly interconnected digital environment.