Supply chain attack: Developers accidentally spread infected PC games

Anyone who has played the zombie game "Infestation" may have got a backdoor installed on their computer. Security researchers see links to a recently announced hack.



The most effective way to distribute malware is through a trusted supplier. "Supply chain attacks" are called hacks - supply chain attacks. Kaspersky Lab revealed a perfidious example a few weeks ago: tens of thousands of Asus' customers secretly installed a backdoor on their devices via the computer company's official update server, signed with a legitimate Asus certificate and therefore completely unsuspecting. Now Kaspersky Lab and ESET have discovered a variant of this attack technique. The target was gamers, the backers probably the same.

The path of infection began with the software that some game manufacturers use to develop games. In this case, it was part of Microsoft's Visual Studio. Three Asian game studios used a version of this software that was already compromised with malicious software.

It is unclear whether the studios used illegal copies of the software they had obtained through a swap or other unofficial sources. The alternative would be that hackers have invaded the game maker's computer and manipulated its version of Microsoft Visual Studio.

Infected by "Infestation"

The result was in any case games that were signed and published by the manufacturers - and on the computers of the players set up a back door, could be reloaded over the other malicious software. One of the games is called "Infestation: Survivor Stories". The Survival Game of the Thai company Electronics Extreme is based on the 2013 released source code of "The War Z", the game server, however, have long been shut down.

The second compromised game is a first-person shooter called "PointBlank" and comes from the Korean provider Zepetto. The name and maker of the third game was not published by Kaspersky Lab.

more on the subject

Without cyber alarmThe world of hackers - finally understandable

The Russian IT security company has discovered 92,000 infected machines among its customers, according to Wired. ESET had already reported in March without much detail about the supply chain attacks and wrote, "it would not be surprising if there were tens of thousands to hundreds of thousands of victims."

The approach is not new: in 2015, security companies discovered hundreds of apps with malicious software in Apple's App Store. All of them had been created with a version of Apple's XCode developer software that was infected by an unofficial Chinese download server.

Russians and Chinese are spared

In the current case, especially gamers in Thailand, the Philippines and Taiwan are affected. What is remarkable about the malware hidden in the games is the fact that it does not become active if the system language of the infected computer is Russian or Simplified Chinese.

There are many indications that behind the attack on the game providers are the same perpetrators, as behind the Asus hack and the case of CCleaner of 2017. At that time, more than two million users of the maintenance software had been infected via an official update with malicious software.

There are similarities in the malicious code, the approach is the same, and in two of the three attacks, compromised servers from a Korean university were used to communicate the culprits with the infected devices.

According to Kaspersky Lab, the teaching from the find mainly affects the software developers. You should ask yourself if the programs you use are really from trusted sources and when you last checked if the programs were subsequently manipulated.

ref: spiegel