Posted on April 24, 2019 at 11:36 AM
The supply-chain hack of Asus, which allowed hackers to inject malicious code into the company's updates, was a massive blow to the security industry and to the company itself. However, the news gets even more worrying, as Kaspersky has uncovered further supply-chain hacks in the video game industry that threaten a greater number of users.
Kaspersky links Asus and developers in broader game
Kaspersky has identified these supply-chain attacks as part of a greater whole. While Asus is a big name in the computer industry and the compromised updates infected many people, it is not the only company that has been breached. In fact, many breaches have been more severe.
In the case of the game developers, their software was infected, allowing the attackers to inject malicious code into the games that were developed. The games, which were thought to be secure, would then be digitally signed by the company. This is much more dangerous than the certificate spoofing that the hackers had used with the Asus updates.
All these attacks are also, according to Kaspersky, connected with the infection of the popular PC utility app CCleaner and the infection of a server management software called NetSarang. However, these are nothing in comparison to the video games that were breached, as video games are a mass-market product that is accepted automatically.
There are very few gamers who will think twice about giving untold permissions to their favorite games, and since the micro-transaction revolution, piracy (and the associated risks that pirated games brought) has rendered many games lax with regard to security. While many might be able to guess that they are breached, very few would check the game they downloaded if the source was trusted.
One of the firms targeted was Thai gaming company Electronics Extreme. Their zombie game, which, in a cruel twist of irony, is called Infestation, carried the malware to hundreds of thousands of unsuspecting gamers. A Korean firm by the name of Zepetto had its first-person shooter infected as well. The third victim has not been named yet, though many are fearful that it could be a big enough name to cause panic in the industry.
Kaspersky found the gaming malware in January
Ever since Kaspersky identified the code that was used in the Asus attacks, they have been scanning the internet to find similar examples. They first noticed it in games in January. Their investigation led them to an infected version of Microsoft’s Visual Studio that contained a compromised linker. The linker is one of the tools that the Microsoft product uses to connect different parts of the source code once it is compiled.
Kaspersky does not know how the hackers managed to trick the firms into using the tools, though there is a logical explanation. Much like the Chinese developers who used a pirated version of Apple’s Xcode tool that was laced with malware, the same can be inferred for these systems. All it would take is one developer downloading the tool from BitTorrent, and everyone else at the company would become a target. That is the general consensus in the industry, but Kaspersky reps disagree.
They say that the breach was targeted at only three companies and even specific games. The companies being breached first is not out of the realm of possibility, and once that happened, the attackers could have used the breach to infect the companies' Visual Studio machines. It would make more sense, says Kaspersky, to target only those developers that worked on elements of the game that the hackers wanted to exploit.
Kaspersky has called these attacks ShadowHammer, which links to an earlier attack in 2017 that they called ShadowPad. The ShadowPad attacks were when NetSarang and CCleaner were infiltrated and used to infect their userbases with malware. Other companies that further researched the ShadowPad attacks have claimed that they bear all the hallmarks of Chinese attackers, but Kaspersky was coy on naming the origin of the attackers.