Multiple fake adult games have been leveraged to target Windows users across South Korea with the QuasarRAT malware, also known as xRAT, as part of a social engineering campaign, Cyber Security News reports.

Downloading the counterfeit games from widely used webhard services gives targets a ZIP file containing the Game.exe launcher, which features a play button that copies the Data1.Pak component while launching Data2.Pak and Data3.Pak as GoogleUpdate.exe and WinUpdate.db, respectively, in the Windows Explorer, according to an analysis from the AhnLab Security Intelligence Center. Execution of GoogleUpdate.exe triggers a search for WinUpdate.db before implementing AES encryption to extract the final shellcode, which enables privilege escalation for the malware prior to the eventual injection of QuasarRAT.

Aside from obtaining system details, QuasarRAT also enables keyboard logging and unwarranted file transfers. Mitigating such a threat necessitates increased caution in downloading from file-sharing websites.




