Chinese hacking group backdoors products from three Asian gaming companies

March 12, 2019

Image: Screengrab of Infestation homepage

A notorious Chinese cyber-espionage outfit known as the Winnti Group has breached the networks of two game makers and a gaming platform in Asia to include a backdoor trojan within their products.

Two of the compromised products no longer include the Chinese hackers’ backdoor, according to a report published earlier today by Slovak cyber-security firm ESET.

However, the third, a game named Infestation and produced by Thai developer Electronics Extreme, is still pushing updates and is still available for download in its backdoored version, despite ESET’s efforts to notify the game developer through various channels since February.

While ESET didn’t wish to name the other two impacted products, an infected file hash included in the ESET report’s IOC (Indicators Of Compromise) section points the finger at the Garena gaming platform as the second impacted product.

The name of the third impacted product (a game) is still unknown.

“We have worked with one of the affected developers, and we respected their wish to stay anonymous and handle the situation on their end,” ESET researcher Marc-Etienne M. Léveillé told ZDNet in an email. “To be fair, we decided to simply avoid mentioning the names of publishers that already remediated the issue.”

As for the backdoor itself, Léveillé said that the Winnti Group modified the executable of the three products in a similar fashion.

The malicious code is included in the games’ main executable. It is decrypted at runtime and executed in the PC’s memory, while the original game or gaming platform runs as intended.

“This may suggest that the malefactor changed a build configuration rather than the source code itself,” Léveillé said.

The researcher also told ZDNet that the Winnti Group appears to have used the normal game updates as a means to push the backdoored versions to users, which is why the infection wasn’t spotted and contained right away and reached a large number of users.

“On the bright side, the C&C [command and control] servers were taken offline later and this limited the attack,” Léveillé told ZDNet.

This means that with the backdoor still being active in Electronics Extreme’s Infestation game, new users are getting infected to this day, but the backdoor won’t be able to contact its C&C servers to download additional malware on infected hosts.

“Given the popularity of the compromised application that is still being distributed by its developer, it wouldn’t be surprising if the number of victims is in the tens or hundreds of thousands,” ESET researcher Marc-Etienne M. Léveillé said today.

Based on ESET’s telemetry data, most of the victims are from Asian countries, which isn’t surprising since the games are popular in the region.

Winnti victims

Image: ESET

One particular oddity was that the backdoor wouldn’t run on computers where the local language settings were either Chinese or Russian (some computers were infected in Russia because they used non-Russian language settings).

The backdoor’s role was to download a second-stage trojan, which ESET said was a bulky DLL file. Researchers weren’t able to analyze and see what this second malware strain does, as the C&C server that controlled this second-stage payload wouldn’t return additional files to trigger the malware’s execution.

Because the original backdoor only supports four commands and its C&C servers are down, users are somewhat safe from this second malware strain, for the time being.

However, because Infestation game devs have failed to clean up their servers, the Winnti Group could deploy a new malicious game update with a new backdoor that communicates with a different C&C server and re-activate all previously infected users.

Infestation gamers are advised to reinstall their systems as soon as possible.

ESET isn’t sure why the Winnti Group is targeting gamers or what the endgame for this campaign is, but the group has used compromised games in the past to distribute cyber-espionage malware. For example, it did so before in 2011.

The Winnti Group is a cyber-espionage outfit that is known to carry out this type of hack, known as a supply-chain attack. A ProtectWise 401TRG 2018 report lists several past incidents, along with the group’s predisposition last year for gathering code-signing certificates from hacked software companies in preparation for future supply-chain attacks.
