A rising threat in the gaming community has emerged as cybercriminals target users searching for cheats with Lua-based malware disguised as fake script engines. This malicious software exploits the popularity of the Lua programming language, commonly used for game modifications, to compromise the systems of unsuspecting gamers. According to researchers from Morphisec, the malware establishes persistence on infected devices, allowing it to deliver additional payloads that can lead to further exploitation.
The initial discovery of this campaign dates back to March 2024 when OALabs documented how attackers lured users into downloading a malware loader written in Lua. They achieved this by exploiting a quirk in GitHub to stage their malicious payloads. As the attacks evolved, threat actors began using obfuscated Lua scripts instead of compiled bytecode to evade detection, simplifying their delivery mechanisms while maintaining the same infection chain. This tactic has enabled them to fly under the radar while targeting gamers worldwide.
Users searching for popular cheating script engines like Solara and Electron are often redirected to fraudulent websites containing links to ZIP archives that harbor the malicious code. These ZIP files typically include a Lua compiler, a runtime interpreter DLL, an obfuscated Lua script, and a batch file designed to execute the malicious Lua script. Once activated, the malware establishes a connection with a command-and-control (C2) server, where it sends system details and receives instructions for further actions, such as maintaining persistence, hiding processes, or downloading additional malware like the RedLine information stealer.
As this trend continues to pose a significant threat, cybersecurity experts stress the importance of vigilance among gamers. Many of the stolen credentials from these attacks are sold to sophisticated groups operating in the dark web, further perpetuating the cycle of cybercrime. In light of these developments, gamers are urged to exercise caution when downloading software from unofficial sources and to remain aware of the risks associated with seeking out cheats and hacks, as the potential consequences could be devastating.
