Post by Godot UserGroup Berlin <img src="https://takahe.humberto.io/media/emoji/mastodon.gamedev.place/godot.png" class="emoji" alt="Emoji godot">

107d

For the first time a malware written in GDScript has been spotted in the wild. The attack vector are spam-repos on Github with infected cracked game executables targeting Windows devices. The code uses a bunch of OS.execute statements to run malicious shell code. More interesting are the employed anti-emulation techniques. One of them uses Godot’s rendering capability detection to check for 3D Video Acceleration. 

#GodotEngine #OpenSource #GameDev #Malware #InfoSec #Security #Godot4

Edited 107d ago

1 0 0 View Post & Replies See Original

107d

Key takeaways of the report:
- Do not download and run executables from untrustworthy sources
- Do not run executables with admin privileges except you know what you are doing
- As a Game Creator: Encrypt your .pck file/section with asymmetric keys to prevent malicious actors from easily infecting your game code. 

#GodotEngine #OpenSource #GameDev #Malware #InfoSec #Security #Godot4

0 0 0 View Post & Replies See Original