Dr. Web’s cybersecurity researchers have identified an attacker is trying to exploit zero-day vulnerabilities in Counter-Strike 1.6 game specifically to distribute Belonard Trojan.
Reportedly, about 39% of all the active servers of the game on Steam have been manipulated and compromised to hack the computers of gamers from a remote location.
Counter-Strike 1.6, released around twenty years back, is still a widely played game but due to the hacker exploiting the vulnerabilities in the game client, it is secretly infecting computers across the globe lately.
The several unpatched remote code execution vulnerabilities present in the client software allow execution of arbitrary code on the device when the gamer tries to connect to the server, which is already compromised. The infection doesn’t need the gamer to perform any other interaction at all. This way, the attacker has managed to use the game client to create an army of botnets through fake game servers.
It is worth noting that the attacker has been identified as a Russian gaming server developer using the alias Belonard who is exploiting the flaw for the promotion of his business. Belonard is apparently creating a botnet of infected gaming systems.
What the attacker does is that he replaces the list of official game servers with proxy servers in the already vulnerable game client and this is how the Trojan is spread on the device. Furthermore, Belonard is distributing a pirated or altered version of the game client through his website. His website is also infected with Belonard Trojan.
Dr. Web notes in the report released on Wednesday that:
“As a rule, proxy servers show a lower ping, so other players will see them at the top of the list. By selecting one of them, a player gets redirected to a malicious server where their computers become infected with Trojan.Belonard.”
Around 11 components of the Trojan are protecting the malicious client, while the client can filter requests, commands, and files that other game servers send to the device and transfers the data to the attacker’s server. The total number of registered game servers on Steam is over 5,000.
“According to our analysts, out of some 5,000 servers available from the official Steam client, 1,951 were created by the Belonard Trojan,” explained the researchers.
Valve, the owner of the multi-player game, has been notified about the foul play. The company claims that there are over 300 million players of this first-person shooter game and the version under attack currently is an old one that hasn’t been actively developed probably for years.
Therefore, the average number of users playing through the official Counter-Strike 1.6 clients is 20,000 at a time. However, it still offers a great opportunity for hackers to fulfill their malicious objectives and patching the game is the only workable solution.