Point Blank Gamers Targeted with Backdoor Malware (Apr 24, 2019)
The first-person shooter game "Point Blank" appears to have suffered a supply-chain attack in which users were infected with a backdoor when downloading the official game, according to Kaspersky Lab researchers. The researchers discovered that several executable files for the game had been injected with a backdoor. The files were signed with a legitimate, unrevoked certificate belonging to the game's developer, Zepetto Co. Before acting, the backdoor checks that the system language of the infected machine is not set to Chinese or Russian and that it has obtained administrative privileges; it can then download additional data or malware to the machine. Because of technical similarities, researchers believe this supply-chain attack may be linked to the earlier "Operation ShadowHammer" campaign, in which an ASUS update was compromised with malicious code. Kaspersky Lab attributes Operation ShadowHammer to the Advanced Persistent Threat group "Barium" (APT17, Axiom, Deputy Dog), so it is possible that the same group is behind this incident.
Recommendation: Threat actors are willing to go to great lengths to abuse trust relationships in supply-chain attacks. If Point Blank was downloaded to your machine recently, the machine may have been infected with malware. Some threat groups, such as APT17 and Winnti, are known to target video games as a means of malware distribution, so it may be prudent to keep gaming machines separate from personal and professional machines, or to run games in virtual machines.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.