Counter Strike gamers need to be aware that 39% of the existing Counter Strike 1.6 game servers available online are malicious and have been set up to remotely hack gamers’ PCs. A team of cybersecurity researchers at Dr. Web has disclosed that an attacker has been using malicious gaming servers to secretly compromise the computers of Counter Strike gamers across the globe by exploiting zero-day vulnerabilities in the game client. According to the researchers, Counter Strike 1.6, a popular game that is almost 20 years old, contains multiple unpatched remote code execution (RCE) vulnerabilities in its client software that allow attackers to execute arbitrary code on a gamer’s computer as soon as the gamer connects to a malicious server, without requiring any further interaction.
A Russian gaming server developer nicknamed ‘Belonard’ has been found exploiting these vulnerabilities in the wild to promote his business and build a botnet of compromised gamers’ systems by infecting them with a customized Trojan. Dubbed ‘Belonard’ after its developer, the Trojan is designed to gain persistence, replace the list of available game servers in the vulnerable game client installed on infected systems, and create proxies to spread the Trojan further. In addition, the developer distributes a modified or pirated version of the game client through his website that is already infected with the Belonard Trojan. One of the Trojan’s 11 components acts as a protector of the malicious client: it filters the requests, files and commands received from other game servers and transfers data about attempted changes to the client to the Trojan developer’s server.