CyberSecurity news
@securityonline.info
A global attack campaign named StaryDobry has been discovered, utilizing trojanized game installers to deploy the XMRig cryptocurrency miner on compromised Windows systems. Attackers uploaded poisoned installers for popular games such as BeamNG.drive, Garry's Mod, and Dyson Sphere Program to torrent sites, luring users into downloading them. Once executed, these installers initiate a complex infection chain, ultimately leading to the installation of the XMRig miner. The campaign, detected by Kaspersky on December 31, 2024, lasted for a month and has primarily targeted individual users and businesses.
Researchers have identified that the attack chain employs several evasion techniques, including anti-debugging checks and geolocation verification. The malware gathers a fingerprint of the machine, decrypts an executable, and modifies Windows Shell Extension Thumbnail Handler functionality. The campaign focused on gaming PCs with 8+ core CPUs to maximize mining efficiency. While the perpetrators remain unknown, the presence of Russian language strings suggests the involvement of Russian-speaking actors. The most affected countries included Russia, Brazil, Germany, Belarus, and Kazakhstan.
Classification:
- HashTags: #Malware #Cryptomining #Trojan
- Company: Cracked game users
- Target: Gamers
- Attacker: Unknown (campaign detected by Kaspersky)
- Product: Games
- Feature: cryptocurrency mining
- Malware: XMRig
- Type: Malware
- Severity: Medium