Cybercriminals are exploiting zero-day vulnerabilities in the old game Counter-Strike 1.6 to spread the Belonard Trojan.
To give context, the overall number of game servers registered on Steam exceeds 5,000, while the number of players using official CS 1.6 clients averages 20,000 people online.
“Many owners of popular game servers also raise money from players by selling various privileges such as protection against bans, access to weapons, etc.,” according to a recent report from Dr. Web detailing the attacks. “Some server owners advertise themselves independently, while others purchase server promotion services from contractors.”
Researchers found that a malicious server developer nicknamed “Belonard” had resorted to illegal means of promotion and was infecting players' devices with a Trojan using zero-day exploits in the game, in order to gain access to their accounts, promote other game servers and create his own botnet.
The malware exploits a remote code execution (RCE) vulnerability to upload one of the malicious libraries to a victim’s device. Researchers were ultimately able to neutralize the Trojan and stop the botnet from spreading.