GTA V Malware Bundled With KeyLogger
In recent days, GTA V users who installed the Angry Planes and No Clip mods also installed a keylogger that came bundled with them. Users soon started alerting others in a thread.
Malwarebytes researchers looked closely at the malware in their blog post.
Game mods have been a target for many years, with an older version of GTA coming under fire from a notorious GTA: Hoodlife fake mod containing malware back in 2007, Chris Boyd, researcher at Malwarebytes… Fans of the series traditionally enjoy extending the lifespan of the title through modding, so it’s a rich area of exploitation for malware authors. Rockstar could potentially increase mod safety by opening up the Steam workshop to mod downloads, but it seems that option isn’t available yet.
If there is no push to host mods on Steam, then gamers will have to rely on third-party sites for downloads. It’s a lot easier for bad files to slip through on forums and fan-made websites than a service such as Steam with various checks and security features in place behind the scenes.
The installed malware has a black dove logo and has been identified as “fade.exe” or “Trekker.exe”. Malwarebytes Anti-Malware identified it as Trojan.Agent.TRK.
The entry point is a typical .NET loader: it de-obfuscates an array of bytes and, after a call to smethod_1, stores the resulting PE in the variable “c”. The new executable is then run using the Invoke method.
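A static triage check for the loader pattern described above, as an added example that is not from the Malwarebytes analysis: it confirms a file is a managed (.NET) PE and looks for the member names a reflective loader has to reference. "Invoke" is named in the article; "Load" and "get_EntryPoint" are assumed companions (Assembly.Load(byte[]) and Assembly.EntryPoint), and the sample bytes are constructed.

```python
import struct

# Names a reflective .NET loader must reference in its metadata string heap.
# "Invoke" is named in the article; "Load" and "get_EntryPoint" are assumed
# companions (Assembly.Load(byte[]) and Assembly.EntryPoint).
LOADER_NAMES = (b"Load", b"get_EntryPoint", b"Invoke")
CLR_DIR_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def clr_directory(data):
    """Return (rva, size) of the CLR header directory, or None if not a PE."""
    try:
        if data[:2] != b"MZ":
            return None
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] != b"PE\0\0":
            return None
        opt = pe + 24  # PE signature (4) + COFF file header (20)
        magic = struct.unpack_from("<H", data, opt)[0]
        if magic not in (0x10B, 0x20B):  # PE32 / PE32+
            return None
        dirs = opt + (96 if magic == 0x10B else 112)
        count = struct.unpack_from("<I", data, dirs - 4)[0]
        if count <= CLR_DIR_INDEX:
            return (0, 0)
        return struct.unpack_from("<II", data, dirs + CLR_DIR_INDEX * 8)
    except struct.error:  # truncated or malformed header
        return None


def triage(data):
    """Flag a managed PE that references all three loader names."""
    clr = clr_directory(data)
    dotnet = clr is not None and clr[0] != 0
    names = [n.decode() for n in LOADER_NAMES if b"\0" + n + b"\0" in data]
    return {"pe": clr is not None, "dotnet": dotnet, "names": names,
            "review": dotnet and len(names) == len(LOADER_NAMES)}


def constructed_sample(names, managed=True):
    """Build a header-only PE32 stub for testing (constructed, not a real sample)."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)          # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x10B)          # PE32 magic
    struct.pack_into("<I", buf, opt + 92, 16)        # NumberOfRvaAndSizes
    if managed:
        struct.pack_into("<II", buf, opt + 96 + CLR_DIR_INDEX * 8, 0x2008, 72)
    return bytes(buf) + b"\0" + b"\0".join(names) + b"\0"
```

Plenty of legitimate .NET programs reference the same members, so a "review" hit is a reason to open the file in a decompiler, not a verdict.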
Gamers should always be cautious when installing any program, especially mods, because most of the time they have not been analyzed.