​Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.

  • Tyfud@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    arrow-down
    2
    ·
    edit-2
    24 days ago

    This is a non issue. It’s like saying hackers used a programming language to write malicious code.

    Of course they did. How else would they do it?

    They’re just using the Godot engine (C#) to do it instead of the python interpreter.

    Edit: The people downvoting appear to not understand how this works.

    They wrote a module and made it available through the Gadot GodLoader “marketplace” for people to download. You could do the same thing with Unity3D, or UnrealEngine, or the Android store, or the Apple Store. The difference is those have safeguards from paid people and systems to verify the authenticity and maliciousness of the tools/code that are submitted. Gadot/Godloader lacks these controls in their system.

    The only thing it’s really doing it running arbitrary code. Arbitrary code the user would have to in some way allow it to run by installing an unknown/unverified script.

    Similar to something like the Greasemonkey extension for FF/Chrome.

    When you use modules and tools like this you are taking a risk that you are able to self-monitor, otherwise only run scripts/download modules from trusted sources.

    There’s nothing specific about Gadot’s system here, this is like clickbait.