

It is able to filter requests, files, and commands received from other game servers and forwards data about attempted changes to the client to the Trojan developer’s server. Another component, Trojan.


Belonard.10, remains in the system and acts as a protector of the client. If a user downloads an infected client from the website operated by the owner of the malicious server, the Trojan’s persistence in the system is ensured after the first launch of the game. Experts noticed that one of the components, Trojan. A clean pirated client is infected the same way. If the gamer is using the official client, the Trojan infects the device by exploiting an RCE vulnerability through the malicious server and then establishes itself in the system. Belonard is composed of 11 components; experts noticed that the malicious code operates under different scenarios, depending on the game client.

By selecting one of them, a player gets redirected to a malicious server where their computer becomes infected with Trojan. “As a rule, proxy servers show a lower ping, so other players will see them at the top of the list. Belonard replaces the list of available game servers in the game client and creates proxies on the infected computer to spread the Trojan.” reads the analysis published by Dr.Web.

Once it has infected a gamer’s client, the Belonard Trojan replaces the list of available game servers and creates proxies to spread the Trojan. Belonard is also distributing a tainted version of the game client via his website; that version is infected with the Belonard Trojan. The Trojan’s developer, ‘Belonard’, managed to create a botnet compromising a large number of the CS 1.6 game servers. Web reported that the attackers exploit two Remote Code Execution (RCE) flaws in the official game client; they also found four issues in the pirated version of the popular game. The owner of the malicious server exploits the vulnerabilities in the game client and infects players’ devices with a newly written Trojan dubbed Belonard, which downloads malware to secure the Trojan in the system and spread it to other players’ devices. Experts at Dr.
His server infected the devices of players with a Trojan and used their accounts to promote other game servers.” “As it turned out, the developer nicknamed, “Belonard”, resorted to illegal means of promotion. Having paid for a service, customers often remain oblivious as to how exactly their servers are advertised.” reads the analysis published by Dr.Web. “Some server owners advertise themselves independently, while others purchase server promotion services from contractors.

The owners of many servers raise money from players by selling various privileges, such as access to weapons and protection against bans. Threat actors have set up the servers in an attempt to hack gamers’ computers worldwide by exploiting zero-day vulnerabilities in the game client.
