For the first time, malware written in GDScript has been spotted in the wild. The attack vector is spam repositories on GitHub offering infected cracked game executables that target Windows devices. The code uses a series of OS.execute calls to run malicious shell commands. More interesting are the anti-emulation (sandbox evasion) techniques employed; one of them uses Godot's rendering capability detection to check whether 3D video acceleration is present, something an analysis VM or sandbox often lacks.
Key takeaways of the report:
- Do not download and run executables from untrusted sources
- Do not run executables with admin privileges unless you know what you are doing
- As a game creator: encrypt your .pck file/section with Godot's PCK encryption (a symmetric AES-256 key that is compiled into custom export templates) so that malicious actors cannot trivially inject code into your game. This raises the bar rather than guaranteeing integrity, since the key is embedded in the exported binary and can be extracted by a determined attacker.
This is not a vulnerability in Godot, but a nefarious actor crafting malicious GDScript code.
Read the full report here: https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground-for-malware-loaders/
Also see the statement of the Godot Security Team on this topic: https://godotengine.org/article/statement-on-godloader-malware-loader/
@GodotUserGroupBerlin thanks for pointing out the encryption feature for PCKs. The fact that the templates must be compiled with the key makes it a bit harder to use, unfortunately.
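As an added example of the encrypted-PCK workflow mentioned above (this is not code from the post, the Check Point report, or the Godot project), the script below generates a 256-bit key in the 64-hex-character format Godot expects, validates it, builds a Windows release export template with the key baked in, and runs a headless export. It assumes a Godot 4.x source tree in GODOT_SRC, an export preset named "Windows Desktop" whose Encryption tab has "Encrypt Exported PCK" enabled with the same key pasted in, and whose custom release template points at the freshly built binary; the environment variable name SCRIPT_AES256_ENCRYPTION_KEY is the one documented for Godot 4 but should be checked against the docs for your version.

```shell
#!/bin/sh
# Added example, not the post's or Godot's own code.
# Assumptions: GODOT_SRC points at a Godot 4.x checkout; the export preset
# "Windows Desktop" has PCK encryption enabled with the same key and uses the
# built template as its custom release template.
set -eu

# Godot wants a 256-bit AES key as 64 hexadecimal characters.
gen_pck_key() {
    head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Prints "ok" for a well-formed key, "bad" otherwise (wrong length or non-hex).
validate_key() {
    case "$1" in
        *[!0-9a-fA-F]*) echo bad ;;
        *) if [ "${#1}" -eq 64 ]; then echo ok; else echo bad; fi ;;
    esac
}

# Builds the template with the key compiled in, then exports the project.
# The key ends up inside the template binary, so this raises the bar for
# tampering but does not make the PCK tamper-proof.
build_and_export() {
    key="$1"
    out_dir="${2:-build}"
    [ "$(validate_key "$key")" = ok ] || { echo "malformed key" >&2; return 1; }
    SCRIPT_AES256_ENCRYPTION_KEY="$key" \
        scons -C "$GODOT_SRC" platform=windows target=template_release arch=x86_64
    mkdir -p "$out_dir"
    # Assumed preset name; the same key must be set in the preset's Encryption tab.
    godot --headless --export-release "Windows Desktop" "$out_dir/game.exe"
}

# Only attempt the real build when a source tree is configured.
if [ -n "${GODOT_SRC:-}" ]; then
    KEY="$(gen_pck_key)"
    # Store the key somewhere safe; it is needed for every rebuild of the template.
    build_and_export "$KEY"
else
    echo "GODOT_SRC not set; skipping template build and export" >&2
fi
```

Keep the key out of version control and out of the exported project folder; anyone who obtains it (or extracts it from the template binary) can decrypt and re-encrypt the PCK, which is why this is hardening rather than a guarantee.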