A new Lua-based malware campaign, dubbed Nezur, is targeting Roblox players, a popular platform among young gamers. Attackers are distributing the malware through seemingly legitimate game updates, cheats, and patches, often disguised as AI tools designed to enhance the gaming experience. The campaign is characterized by its use of a web interface that masquerades as a legitimate AI engine, luring unsuspecting users into downloading malicious software. This highlights the alarming trend of threat actors exploiting popular gaming platforms to spread malware, underscoring the importance of cybersecurity education for young gamers.
Once installed, the malware establishes contact with a command and control (C2) server, retrieves its payload from a GitHub repository, and executes the malicious code on the compromised system. This code can perform actions such as installing applications, opening links in invisible WebViews to execute JavaScript code, and subscribing victims to unwanted paid services. This multifaceted approach underscores the sophistication and danger posed by this new malware campaign.