Winnti Group Targeting Video Game Companies with PipeMon Malware
A new malware is targeting video game developers in South Korea and Taiwan. Cyber security researchers at ESET named the malware PipeMon and believe it was launched by hackers in the Winnti Group.
“This new implant shows that the attackers are actively developing new tools using multiple open source projects and don’t rely solely on their flagship backdoors, ShadowPad and the Winnti malware,” says Mathieu Tartare, ESET researcher.
In at least one attack, Winnti Group compromised a game company’s build orchestration server. In another cyber attack, the hackers compromised the company’s game servers. This would allow the criminals to weaponize game executable files and spread malware to more machines.
What is the Winnti Group?
The Winnti Group is an organized hacking group that has been active since sometime in 2012. Kaspersky first gave the hacking group its moniker in 2013. The group attacks video game companies and software-related supply chain companies. Winnti Group is responsible for trojanizing software such as CCleaner, ASUS LiveUpdate and several video games with malware to compromise more victims. Recently, ESET researchers reported that Winnti Group was targeting two universities in Hong Kong with ShadowPad and the Winnti malware.
Winnti malware had compromised some of the same game companies that are targeted with PipeMon this year.
Trojan files are those that a user wants to download. Hackers often deploy malware by bundling malicious executable files with legitimate files like compressed zip files, games, software installers, or other executables. Trojans are often bundled with games or computer utility apps where the user is expecting an executable file and therefore lets it bypass security. When the victim downloads what they think is a legitimate file, they also get malware along with it if it is weaponized. The malware may quickly infect the device and even download other malware. Once a device is infected, many malware strains quickly spread to other connected devices in the same network.
What are MMOs?
MMO is short for massively multiplayer online games. MMO games are designed from the ground up to have thousands of people playing them all at once in a shared instance. Examples of MMOs are Diablo 3, World of Warcraft (WoW), and Eve Online. Blizzard Entertainment, owned in part by Tencent, developed and published Diablo 3 and World of Warcraft.