Counter-Strike 1.6 game client 0 day exploited to spread Belonard trojan !!

Counter-Strike 1.6 game client 0 day exploited to spread Belonard trojan !!

Dr. Web’s cybersecurity researchers have identified an attacker is trying to exploit zero-day vulnerabilities in Counter-Strike 1.6 game specifically to distribute Belonard Trojan.

Counter-Strike 1.6, released around twenty years back, is still a widely played game but due to the hacker exploiting the vulnerabilities in the game client, it is secretly infecting computers across the globe lately.

The several unpatched remote code execution vulnerabilities present in the client software allow execution of arbitrary code on the device when the gamer tries to connect to the server, which is already compromised. The infection doesn’t need the gamer to perform any other interaction at all. This way, the attacker has managed to use the game client to create an army of botnets through fake game servers.

It is worth noting that the attacker has been identified as a Russian gaming server developer using the alias Belonard who is exploiting the flaw for the promotion of his business. Belonard is apparently creating a botnet of infected gaming systems.

What the attacker does is that he replaces the list of official game servers with proxy servers in the already vulnerable game client and this is how the Trojan is spread on the device. Furthermore, Belonard is distributing a pirated or altered version of the game client through his website. His website is also infected with Belonard Trojan.

Infection Chain in Client with Counter-Strike Vulnerabilities
Once the player launches the gaming client, connects with a malicious server, it exploits the RCE vulnerability in the client.

Based on the vulnerability, it downloads and executed Trojan.Belonard.1 or Trojan.Belonard.5, later it connects with command and control server and sends the encrypted request to download the encrypted file in response. Here you can see the flow diagram on how the Trojan works.

Dr. Web notes in the report released on Wednesday that:

“As a rule, proxy servers show a lower ping, so other players will see them at the top of the list. By selecting one of them, a player gets redirected to a malicious server where their computers become infected with Trojan.Belonard.”

Around 11 components of the Trojan are protecting the malicious client, while the client can filter requests, commands, and files that other game servers send to the device and transfers the data to the attacker’s server. The total number of registered game servers on Steam is over 5,000.

To know about latest happenings in technology industry check out other posts of GadgetsTricks.com
Thanks For Your Time