One of the most prolific hacking groups in the world recently attacked several developers of massively multiplayer online games, which allowed the attackers to distribute malicious apps among the players and steal their in-game currency.
Researchers from the Slovak company ESET link these attacks to the hacking group Winnti, which has been active since 2009 and is believed to have carried out hundreds of various attacks. Among the victims were Chinese journalists, Uyghur and Tibetan activists, the government of Thailand and prominent technology organizations. Winnti has been associated with the 2010 hack in which sensitive data was stolen from Google and 34 other companies. More recently the group compromised the distribution platform of the CCleaner software, which pushed a malicious update to millions of users, and was also noted for infecting about 500 thousand ASUS laptops with a backdoor.
Winnti's new attack on developers of MMO games is associated with PipeMon, a backdoor previously unknown to ESET. To remain invisible to security systems, the PipeMon installer uses a legitimate Windows signing certificate, which was stolen from Nfinity Games when that company was breached in 2018.
In a message posted early Thursday morning, ESET said little about the “infected” companies, except that they included several Korean and Taiwanese developers of MMO games whose games are available on popular gaming platforms and have thousands of active players. In some cases, malware got onto victims’ PCs through gaming platform updates; in others, game servers were compromised. In the latter case, attackers could, for example, manipulate the in-game currency for financial gain.