cross-posted from: https://lemmy.zip/post/27055106

​Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.

  • unexposedhazard@discuss.tchncs.de
    link
    fedilink
    arrow-up
    44
    arrow-down
    1
    ·
    edit-2
    29 days ago

    I think its malicious to even mention Godot in a headline with this weak context. It will confuse and scare people into thinking godot is unsafe. Some stupid people downloading and executing code from a malicious source is not noteworthy enough to justify a headline like this. It almost sounds like godot has a RCE from how clickbaity this headline is written.

    • Kelly@lemmy.world
      link
      fedilink
      English
      arrow-up
      21
      ·
      edit-2
      28 days ago

      This is probably the larger story from the OP link:

      The Stargazers Ghost Network uses over 3,000 GitHub “ghost” accounts to create networks of hundreds of repositories that can be used to deliver malware (mainly information stealers like RedLine, Lumma Stealer, Rhadamanthys, RisePro, and Atlantida Stealer) and star, fork, and subscribe to these malicious repos to push them to GitHub’s trending section and increase their apparent legitimacy.

      Edit: a bit more info:

      The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware.

      https://research.checkpoint.com/2024/gaming-engines-an-undetected-playground-for-malware-loaders/

      My take is that Godot has never claimed to be sandboxed, as long as OS.execute() is enabled by default then running arbitrary code in the user context is trivial. The solution of course is to only run code that you trust.