Three companies in the video game industry based in Asian countries have been affected by this attack campaign
According to experts in network security and ethical hacking from the International Institute of Cyber Security, the well-known Chinese hacking group Winnti Group compromised the systems of one gaming platform and two video game development companies based in Asia, planting a backdoor in some of their products.
According to reports published by the companies involved, two of the compromised products are already free of the backdoor. However, in the third product (a video game called Infestation) the backdoor is still present; the developer (Electronics Extreme, Thailand) has been notified, but the compromised version of the product is still available for download.
“We are working with the developers affected by the incident; for now the names of the other two involved remain anonymous by their own decision”, the network security experts mentioned. Regarding the backdoor used by the hackers, the experts noted only that a similar executable was used in all three cases of infection.
The malicious executable is decrypted and executed in memory on the computer running the video game. “This may suggest that hackers changed a build configuration instead of the source code as such”, the network security experts mentioned.
The experts also noted that the hacking group seems to have taken advantage of a legitimate update to the platforms to install the backdoor, which helped delay detection of the malicious code. It is also noteworthy that the developers were able to secure their command and control servers to prevent the attack from spreading further.
The main function of the backdoor is to download a second-stage Trojan that researchers have not yet been able to analyze, so its functions remain unknown. Since the initial backdoor supports only four commands and its C&C servers are not active, users are to some extent protected for now.
But the danger is not yet over. Because the developers of Infestation have not removed the backdoor from their servers, the hacking group could push a backdoor update to reactivate the infection against all users.
The developers of the video game Infestation recommended that all users install the corresponding updates to mitigate the risk.