Gamers Beware: Malware Hidden in Popular Torrents Mines Monero

21.02.2025

Malware Campaign Targets Gamers with Infected Games

According to IT BOLTWISE® x Artificial Intelligence, a large-scale malware campaign named "StaryDobry" targeted gamers worldwide by distributing trojanized versions of popular games such as Garry’s Mod and BeamNG.drive. These titles, highly rated on platforms like Steam, served as bait: users looking for free copies downloaded infected installers instead. The campaign, discovered by Kaspersky, became active in late December 2024 and ran until January 27, 2025, primarily affecting users in Germany, Russia, Brazil, Belarus, and Kazakhstan.

The attackers uploaded infected game installers to torrent sites and activated the malware over the holiday season, when downloads peak and users are less watchful. The infection ran as a multi-stage chain that ended in the installation of an XMRig cryptominer. The malware included anti-analysis measures, terminating itself when security tools were detected, and used "regsvr32.exe" for persistence. The miner only ran on systems with at least eight CPU cores, so that only machines with enough processing power were used for Monero mining. The perpetrators remain unidentified, but evidence suggests a Russian-speaking actor may be behind the campaign.
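The two host-side behaviours the reports describe, regsvr32.exe being used to register a dropped DLL and an XMRig miner that only bothers with hosts of eight or more cores, are exactly what a SOC can hunt for in process-creation telemetry. The script below is an added example written for this page, not Kaspersky's detection logic and not an indicator list from the report: the trusted-directory list, the miner command-line markers, the `ProcessEvent` shape and all sample events are constructed assumptions for illustration.

```python
"""Hunt constructed Windows process-creation events for two behaviours the
StaryDobry reports describe: regsvr32.exe registering a DLL from a
user-writable path, and an XMRig-style miner command line.

Added example for this page; not Kaspersky's detection logic.
All paths, markers and events are constructed, not published indicators.
"""
import re
from dataclasses import dataclass

# Directories from which regsvr32.exe normally registers DLLs. A DLL anywhere
# else (Temp, AppData, ProgramData) is treated as suspicious. Assumption for
# this example; tune the list to the environment.
TRUSTED_DLL_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# Generic XMRig-style command-line fragments chosen for the example,
# not indicators from the campaign report.
MINER_MARKERS = ("stratum+tcp://", "stratum+ssl://", "--donate-level", "xmrig")

# A Windows path ending in .dll, quoted or unquoted.
DLL_PATH = re.compile(r'([a-z]:\\[^"]+?\.dll)', re.IGNORECASE)

MIN_CORES = 8  # core count the reports say the miner requires


@dataclass
class ProcessEvent:
    image: str          # full path of the created process
    command_line: str
    parent_image: str
    cpu_cores: int      # logical cores of the host that produced the event


def regsvr32_from_untrusted_dir(ev: ProcessEvent) -> bool:
    """True when regsvr32.exe registers a DLL outside the trusted directories."""
    if not ev.image.lower().endswith("\\regsvr32.exe"):
        return False
    match = DLL_PATH.search(ev.command_line)
    if match is None:
        return False
    return not match.group(1).lower().startswith(TRUSTED_DLL_DIRS)


def looks_like_miner(ev: ProcessEvent) -> bool:
    """True when the command line carries a pool URL or an XMRig-only option."""
    cmd = ev.command_line.lower()
    return any(marker in cmd for marker in MINER_MARKERS)


def triage(events):
    """Return (image, [reasons]) for every event matching at least one rule.
    The core-count note is only appended to hits: an 8-core host on its own
    is not a finding, but it tells the analyst the miner stage would have run."""
    findings = []
    for ev in events:
        reasons = []
        if regsvr32_from_untrusted_dir(ev):
            reasons.append("regsvr32.exe registering a DLL from a user-writable path")
        if looks_like_miner(ev):
            reasons.append("XMRig-style miner command line")
        if reasons and ev.cpu_cores >= MIN_CORES:
            reasons.append(f"host has {ev.cpu_cores} cores, above the miner's {MIN_CORES}-core gate")
        if reasons:
            findings.append((ev.image, reasons))
    return findings


# Constructed events, not real telemetry.
SAMPLE_EVENTS = [
    ProcessEvent(  # dropper registered by a game installer from Temp
        image="C:\\Windows\\System32\\regsvr32.exe",
        command_line='regsvr32.exe /s "C:\\Users\\alice\\AppData\\Local\\Temp\\setup-tmp\\helper.dll"',
        parent_image="C:\\Users\\alice\\Downloads\\GameSetup.exe",
        cpu_cores=16,
    ),
    ProcessEvent(  # benign: an installer registering a system DLL
        image="C:\\Windows\\System32\\regsvr32.exe",
        command_line="regsvr32.exe /s C:\\Windows\\System32\\msxml3.dll",
        parent_image="C:\\Windows\\System32\\msiexec.exe",
        cpu_cores=16,
    ),
    ProcessEvent(  # miner stage with a pool URL on the command line
        image="C:\\ProgramData\\cache\\svc.exe",
        command_line="svc.exe -o stratum+tcp://pool.example.invalid:3333 -u WALLET --donate-level 0",
        parent_image="C:\\Windows\\explorer.exe",
        cpu_cores=16,
    ),
    ProcessEvent(  # same dropper on a 4-core laptop: still a finding, no miner
        image="C:\\Windows\\System32\\regsvr32.exe",
        command_line='regsvr32.exe /s "C:\\Users\\bob\\AppData\\Local\\Temp\\setup-tmp\\helper.dll"',
        parent_image="C:\\Users\\bob\\Downloads\\GameSetup.exe",
        cpu_cores=4,
    ),
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(image)
        for reason in reasons:
            print("   -", reason)
```

The regsvr32 rule deliberately keys on where the DLL lives rather than on a file name, because a dropper can be renamed freely but must still be registered from somewhere the installer can write to. The core-count line is context, not a trigger: dropping it from the rule keeps the 4-core case visible, which matters because the dropper has already run even when the miner decides not to.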

For more details, visit IT BOLTWISE® x Artificial Intelligence at https://www.it-boltwise.de/malware-kampagne-zielt-auf-gamer-mit-infizierten-spielen-ab.html.

Cryptopolitan reports that attackers launched a mass infection campaign distributing Monero mining malware through torrents of popular games like Garry’s Mod, Dyson Sphere Program, and Universe Sandbox. The campaign, named "StaryDobry," was discovered by Kaspersky in January 2025 but had been in preparation since September 2024. The malware was delivered via cracked game installers, which often told users to disable antivirus software during installation.

The mining program only ran on processors with eight or more cores, so that each infected machine contributed substantial hashing power. The campaign primarily affected users in Russia, with additional cases reported in Kazakhstan, Brazil, Germany, and Belarus. Kaspersky suspects a Russian-speaking group may be responsible, as some malware files contained Russian-language strings. The malware was remotely activated on December 31, 2024, turning the high-performance hardware of gaming PCs to Monero mining.

For further information, refer to Cryptopolitan at https://www.cryptopolitan.com/de/monero-mining-malware-in-game-torrents/.
