Threat Intelligence, Malware

Windows RAT proliferated through bogus gaming tools

Roblox gift cards are seen at a store in Krakow, Poland on July 5, 2023. A campaign discovered by researchers at ReversingLabs uses typo-squatting and a number of sophisticated obfuscation tactics to entice users into downloading fake and malicious versions of commonly-used open source software. (Photo by Jakub Porzycki/NurPhoto via Getty Images)

Trojanized tools for the Roblox and Xeno games have been harnessed to deliver a remote access trojan on Windows systems, HackRead reports.

Attackers used browsers and chat platforms to lure targets into downloading the seemingly legitimate RobloxPlayerBeta.exe and Xeno.exe files, which inject a portable Java runtime and deploy the illicit jd-gui.jar archive, Microsoft Threat Intelligence researchers said in a post on X. Subsequent abuse of PowerShell and living-off-the-land binaries then runs a PowerShell script that retrieves and executes the malware, which not only conceals its original downloader but also adds malicious file exclusions in Microsoft Defender and establishes persistence, according to analysts.

Because the final malware's multi-layered functionality gives extensive control over affected systems, organizations have been urged to strengthen monitoring of outbound network traffic. They should also block connections to the IP addresses and domains listed in the indicators of compromise, and inspect for suspicious Microsoft Defender exclusions and scheduled tasks.
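The triage the article recommends, as an added PowerShell example (not from the report or from Microsoft): it lists every Defender exclusion and every scheduled task whose action launches a scripting host or points at a user-writable path, the two persistence and evasion artifacts described above. It assumes an elevated PowerShell session on Windows with the Defender and ScheduledTasks modules; the path roots and argument patterns are my own heuristics, so the output is a triage list, not a verdict.

```powershell
# Added example: audit Defender exclusions and scheduled tasks (run elevated).
$pref = Get-MpPreference

# Roots that user-land malware chains typically write to and then exclude (heuristic).
$suspiciousRoots = @("$env:SystemDrive\Users\", "$env:ProgramData\", "$env:windir\Temp\")

# 1. Defender exclusions: list all of them, flag those under user-writable roots.
$exclusions = @()
foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension', 'ExclusionIpAddress') {
    foreach ($value in @($pref.$kind)) {
        if ([string]::IsNullOrEmpty($value)) { continue }
        $flag = ($suspiciousRoots | Where-Object { $value -like "$_*" }).Count -gt 0
        $exclusions += [pscustomobject]@{ Kind = $kind; Value = $value; UserWritable = $flag }
    }
}

# 2. Scheduled tasks: flag actions that run LOLBins, reference user-writable paths,
#    or carry classic script-loader arguments (heuristic patterns, constructed here).
$lolbins     = 'powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe',
               'mshta.exe', 'rundll32.exe', 'regsvr32.exe'
$argPatterns = '-enc', '-e ', '-ec ', 'hidden', 'bypass', 'downloadstring', 'iex', 'invoke-expression'
$tasks = @()
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $exe = $action.Execute                      # COM-handler actions have no Execute
        if ([string]::IsNullOrEmpty($exe)) { continue }
        $arguments = [string]$action.Arguments      # $null becomes ""
        $exeName   = [System.IO.Path]::GetFileName($exe.Trim('"')).ToLower()
        $reasons   = @()
        if ($lolbins -contains $exeName) { $reasons += "runs $exeName" }
        if ($suspiciousRoots | Where-Object { $exe -like "*$_*" -or $arguments -like "*$_*" }) {
            $reasons += 'user-writable path'
        }
        if ($argPatterns | Where-Object { $arguments -like "*$_*" }) { $reasons += 'script-loader arguments' }
        if ($reasons.Count -gt 0) {
            $tasks += [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Author    = $task.Author
                State     = $task.State
                Execute   = $exe
                Arguments = $arguments
                Reasons   = ($reasons -join '; ')
            }
        }
    }
}

"== Defender exclusions ==";  $exclusions | Format-Table -AutoSize
"== Scheduled tasks to triage =="; $tasks | Format-Table -AutoSize
```

An empty exclusion list is the expected state on most endpoints; for flagged tasks, cross-check the task's creation time and author against change records before removing it.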
