If you are a Counter-Strike gamer, beware: 39% of all existing Counter-Strike 1.6 game servers available online are malicious and have been set up to remotely hack gamers’ computers.
A team of cybersecurity researchers at Dr. Web has disclosed that an attacker has been using malicious gaming servers to silently compromise computers of Counter-Strike gamers worldwide by exploiting zero-day vulnerabilities in the game client.
According to the researchers, Counter-Strike 1.6, a popular game that’s almost two decades old, contains multiple unpatched remote code execution (RCE) vulnerabilities in its client software. These let attackers execute arbitrary code on a gamer’s computer as soon as the gamer connects to a malicious server, without requiring any further interaction.
It turned out that a Russian gaming server developer, nicknamed ‘Belonard,’ has been exploiting these vulnerabilities in the wild to promote his business and create a botnet of compromised gamers’ systems by infecting them with a custom Trojan.
The Trojan, dubbed Belonard after its developer, has been designed to gain persistence, replace the list of available game servers in the vulnerable game client installed on infected systems, and create proxies to further spread the Trojan.
“As a rule, proxy servers show a lower ping, so other players will see them at the top of the list. By selecting one of them, a player gets redirected to a malicious server where their computers become infected with Trojan.Belonard,” Dr. Web said in a report published Wednesday.
Besides this, the rogue developer is also using his website to distribute a modified or pirated version of the game client that is already infected with the Belonard Trojan.