39% of Counter Strike 1.6 Servers Found to be Delivering Malware

It has been roughly two decades since the launch of Counter Strike. Yet, the game continues to be popular among the players. Nonetheless players of this game should remain vigilant when it comes to security. The hack entails the player being connected to a malicious Counter Strike 1.6 server and unwittingly downloading a Trojan.

Malicious Counter Strike 1.6 Servers Spotted

According to a study published by Dr. Web, some malicious Counter Strike 1.6 servers deliver malware to the gamers’ systems. The researchers found around 39% of all existing CS servers involved in this activity.

Reportedly, they found a developer ‘Belonard’ infecting users with said Trojan to exploit their accounts and promote other game servers. For this, the owner of these servers exploited vulnerabilities in the game client – both the original and pirated one.  As explained in Dr. Web’s report,

“The Trojan is to infect players’ devices and download malware to secure the Trojan in the system and distribute it to devices of other players. For that, they exploit Remote Code Execution (RCE) vulnerabilities, two of which have been found in the official game client and four in the pirated one.”

After the Trojan.Belonard reached the victim’s device, it then replaced the available servers in the list with proxies.

“As a rule, proxy servers show a lower ping, so other players will see them at the top of the list. By selecting one of them, a player gets redirected to a malicious server where their computer become infected with Trojan.Belonard.”

This enabled the developer to create a botnet involving 39% (1951 servers) of all 5000 CS servers.

Threat Still Persists

In their report, Dr. Web stated that they succeeded in shutting down of the botnet that already infected a large number of users. They also confirmed the suspension of domain names used by the developer.

However, the threat still persists to haunt the game players since the CS game developers haven’t patched the flaws yet.

“Doctor Web have informed Valve about these and other vulnerabilities of the game, but as of now, there is no data on when the vulnerabilities will be fixed.”

Thus, until a patch is available, the players should remain cautious to avoid falling prey to any possible malicious activity arising in the future.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil