What's worse: a ban or data loss? Cheat Lab virus attacks gamers.

"Share with a friend and get the full version for free" - social engineering in all its glory.

Cybersecurity researchers at McAfee discovered a new type of malware that steals sensitive information from infected computers. The malware, which belongs to the family of the well-known infostealer Redline, is called "Cheat Lab" and is distributed as a fake cheat program for video games.



The Cheat Lab virus is distributed through ZIP files containing an MSI installer, which drops the files "compiler.exe" and "lua51.dll" when it runs. As the researchers found, these files contain malicious code written in Lua. The malware uses detection evasion techniques, including injecting code into legitimate processes and compiling the Lua code on the fly, which makes it harder for antivirus programs to detect.
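A small triage helper for the install layout described above, added here as an example and not code from McAfee or the original post. It walks an extracted directory, flags the "compiler.exe" + "lua51.dll" pair, and looks for the Lua 5.1 precompiled-chunk header (ESC "Lua" 0x51) inside files; the sample directory it builds is constructed for the demonstration and is not a real malware sample.

```python
"""Post-install triage for the dropper layout described above (added example)."""
import tempfile
from pathlib import Path

# Lua 5.1 precompiled chunk header: ESC, "Lua", then the version byte 0x51.
LUA51_BYTECODE_MAGIC = b"\x1bLua\x51"
# File pair the report associates with the dropper; a name match alone is weak evidence,
# since lua51.dll also ships with plenty of legitimate software.
SUSPECT_PAIR = {"compiler.exe", "lua51.dll"}


def has_lua51_bytecode(data: bytes) -> bool:
    """True if a Lua 5.1 precompiled chunk header appears anywhere in the blob."""
    return LUA51_BYTECODE_MAGIC in data


def triage_tree(root: Path) -> dict:
    """Walk an extracted install directory and report what first-pass triage would flag."""
    files = [p for p in root.rglob("*") if p.is_file()]
    names = {p.name.lower() for p in files}
    lua_hits = sorted(str(p.relative_to(root)) for p in files
                      if has_lua51_bytecode(p.read_bytes()))
    pair = SUSPECT_PAIR <= names
    return {
        "suspect_pair": pair,
        "lua_bytecode_files": lua_hits,
        # Both signals together are what warrant escalation; either alone is noisy.
        "escalate": pair and bool(lua_hits),
    }


def build_sample_tree() -> Path:
    """Constructed directory (not a real sample) mimicking the described layout."""
    root = Path(tempfile.mkdtemp(prefix="cheatlab-triage-"))
    (root / "compiler.exe").write_bytes(b"MZ" + b"\x00" * 16)
    (root / "lua51.dll").write_bytes(b"MZ" + b"\x00" * 8 + LUA51_BYTECODE_MAGIC + b"stub")
    (root / "readme.txt").write_bytes(b"Share with a friend to unlock the full version")
    return root


if __name__ == "__main__":
    print(triage_tree(build_sample_tree()))
```

Point `triage_tree` at the directory an MSI dropped its files into; the bytecode check is a generic heuristic and will also fire on legitimate precompiled Lua, so treat a hit as a lead for analysis, not a verdict.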

Experts also recorded a similar variant of the malware called "Cheater Pro". Interestingly, the URLs used to distribute both versions of the malware pointed to the "vcpkg" repository that Microsoft publishes on GitHub. The attackers probably used this method to give victims a false sense of the program's legitimacy.

According to McAfee, the malware uses a command-and-control server previously associated with Redline, but unlike the classic versions of Redline, it does not steal information from browsers. Instead, it actively collects screenshots of active windows and system information and transmits them to the malware operators.



"To unlock the full version, just share this program with a friend. After that, the program is automatically unlocked," reads a message in the installer of the fake cheat program, encouraging victims to spread the virus among their friends. In this way, the creators of Cheat Lab get users to participate, without realizing it, in the further distribution of the malware.

Experts not only warn gamers against downloading executable files from dubious sites, but also recommend caution when downloading files and programs from otherwise reliable and trusted sources, such as GitHub.

Meanwhile, Microsoft has not yet commented on the situation with the distribution of malware through its repository, which leaves open questions about the security of the popular platform for developers.