Malware found embedded in a mod for 'BeamNG.drive,' the game known for its detailed car destruction

Web developer Lemonyte reported that he discovered malware in a mod for the game '
How I Found Malware in a BeamNG Mod | Lemonyte
https://lemonyte.com/blog/beamng-malware

One day, Lemonyte launched BeamNG.drive and, immediately after it started, received a notification from his antivirus software. According to the notification, there had been an attempt to execute a curl command to access a specific link, and when Lemonyte investigated, the link destination turned out to be malicious.
Further investigation showed that the command originated from BeamNG.drive, so he checked whether the problem was with the game itself or with a mod. The command was only detected when the MOD '

When Lemonyte analyzed the code, he found some suspicious JavaScript in a file named american_road_patreon_banner.js. At first glance, it appeared to display a support banner. However, he noticed that the HTML file referenced in the script didn't actually exist and that the function used to load the compiled CSS file was unnecessarily complicated, and from there he discovered that the code was executing hidden JavaScript.
When the code was run in a virtual environment, it was found to exploit a JavaScript vulnerability reported in 2019,
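
The two red flags described above (a script that references a file missing from the mod, and code built and run at runtime) can be checked mechanically before a mod is installed. The following is an added example, not code from Lemonyte's post or from the mod; the sample file contents, the `triage` helper and the list of dynamic-execution indicators are assumptions made for illustration.

```python
import re

# Constructed sample: a mod's files as {path: text}. Contents are invented for
# illustration and are not the code from the American Road mod.
SAMPLE_MOD = {
    "ui/banner/banner.js": (
        "const tpl = 'ui/banner/banner.html';\n"
        "function loadCss(p) { return fetch(p).then(r => r.text())"
        ".then(t => new Function(t)()); }\n"
        "loadCss('ui/banner/banner.css');\n"
    ),
    "ui/banner/banner.css": ".banner { color: red; }\n",
    "ui/other/ok.js": "const page = 'ui/other/ok.html';\n",
    "ui/other/ok.html": "<div></div>\n",
}

# Quoted string literals that look like local resource paths.
REF_RE = re.compile(r"""['"]([\w./-]+\.(?:html|css|js))['"]""")
# Assumed indicators of code being built and run at runtime.
SINKS = {
    "eval": re.compile(r"\beval\s*\("),
    "Function constructor": re.compile(r"\bnew\s+Function\s*\("),
    "string-argument timer": re.compile(r"\bset(?:Timeout|Interval)\s*\(\s*['\"]"),
}

def triage(files):
    """Return {js_path: [findings]} for scripts worth a manual look."""
    report = {}
    for path, text in sorted(files.items()):
        if not path.endswith(".js"):
            continue
        findings = []
        # A script pointing at a resource the mod does not ship is suspicious.
        for ref in sorted(set(REF_RE.findall(text))):
            if ref not in files:
                findings.append(f"missing reference: {ref}")
        for name, rx in SINKS.items():
            if rx.search(text):
                findings.append(f"dynamic execution: {name}")
        if findings:
            report[path] = findings
    return report

if __name__ == "__main__":
    for path, findings in triage(SAMPLE_MOD).items():
        print(path, findings)
```

A hit is only a prompt for manual review: legitimate scripts can trigger either check, and obfuscated code can evade both.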

Lemonyte contacted the BeamNG team, and within a few days, the infected version of the mod was removed from the official repository and the author's account was suspended. Lemonyte warns that if you have American Road installed, you should remove it and scan it for malware. The mod's page shows that the malicious code was added on April 1st. More than 3,500 people had already downloaded the mod before it was removed, so some people may have had their passwords or personal information stolen.
