New GodLoader Malware Campaign Targets Gaming Community Through Godot Engine

CyberSecureFox 🦊

Security researchers at Check Point have uncovered a sophisticated malware campaign dubbed “GodLoader” that exploits the popular Godot game engine to deliver malicious payloads. The attack has successfully compromised more than 17,000 computer systems in just three months, representing a significant threat to the gaming development community and end users.

Technical Analysis of GodLoader’s Operation

The malware abuses Godot Engine's GDScript scripting support to run malicious code from what look like ordinary game resource files. Attackers specifically target the .pck file format, which normally packages game assets, and turn these packs into a delivery vehicle for malware. Once a malicious pack is loaded, the embedded script lets attackers exfiltrate sensitive data and fetch additional payloads.

Distribution Network and Attack Vectors

The distribution infrastructure, identified as the Stargazers Ghost Network, operates through compromised GitHub repositories. Researchers documented over 200 malicious repositories managed by 225 controlled accounts between September and October 2024. The campaign specifically targeted both game developers and players through four major attack waves.

Cross-Platform Impact and Potential Reach

While current GodLoader variants primarily target Windows systems, security analysts have demonstrated the malware’s potential to affect Linux and macOS platforms. The threat is particularly concerning given Godot Engine’s substantial user base, including more than 2,700 contributors and approximately 80,000 community members.

Observed Malware Payloads

The campaign has been observed delivering multiple malicious payloads, including the RedLine information stealer and XMRig cryptocurrency miner. GodLoader’s sophisticated evasion techniques enable it to bypass most conventional antivirus solutions, potentially affecting over 1.2 million users of Godot-developed games.

While Godot Engine’s security team confirms no direct vulnerability exists within the engine itself, the situation highlights the critical importance of supply chain security in game development. Users are strongly advised to implement robust security measures, including advanced endpoint protection solutions, and to exercise extreme caution when downloading game-related files. Developers should implement code signing and verification procedures to protect their distribution channels from similar attacks.
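To make the mechanism described above concrete from a defender's side, here is a small PCK triage script. It is an added example, not code from the article, from Check Point's report or from the Godot project. It assumes the Godot 3 pack-format-v1 layout (magic "GDPC", four format/version integers, sixteen reserved words, a file count, then one directory record per file with path, offset, size and MD5); Godot 4 packs use format 2 and are rejected rather than misread. The script builds a constructed two-file pack in memory, lists its entries, flags GDScript entries (the suffix list is an assumption), checks each entry's stored MD5, and compares the whole pack against a publisher-supplied SHA-256. The MD5 values inside the pack are written by whoever built it, so only the out-of-band digest is a trust decision; the script listing is a triage aid for packs that should contain assets only.

```python
import hashlib
import io
import struct

PCK_MAGIC = b"GDPC"
PCK_FORMAT_V1 = 1
HEADER_LEN = 4 + 16 + 64 + 4          # magic, 4 x uint32, 16 reserved uint32, file count
SCRIPT_SUFFIXES = (".gd", ".gdc", ".gde")   # assumed: GDScript source / compiled / encrypted


def _pad4(n):
    """Bytes of zero padding needed to round n up to a multiple of 4."""
    return (4 - n % 4) % 4


def build_pck(files, engine_version=(3, 5, 0)):
    """Write a minimal pack-format-v1 .pck from {path: bytes} (constructed sample, not a real game)."""
    padded = [p.encode("utf-8") for p in files]
    padded = [n + b"\0" * _pad4(len(n)) for n in padded]
    dir_size = sum(4 + len(n) + 8 + 8 + 16 for n in padded)
    offset = HEADER_LEN + dir_size        # payloads follow the directory
    out = io.BytesIO()
    out.write(PCK_MAGIC)
    out.write(struct.pack("<IIII", PCK_FORMAT_V1, *engine_version))
    out.write(b"\0" * 64)                 # reserved words
    out.write(struct.pack("<I", len(files)))
    blobs = list(files.values())
    for name, blob in zip(padded, blobs):
        out.write(struct.pack("<I", len(name)))
        out.write(name)
        out.write(struct.pack("<QQ", offset, len(blob)))
        out.write(hashlib.md5(blob).digest())
        offset += len(blob)
    for blob in blobs:
        out.write(blob)
    return out.getvalue()


def list_pck(data):
    """Parse a v1 pack directory; returns (engine_version, [entry dicts]) with bounds checks."""
    if data[:4] != PCK_MAGIC:
        raise ValueError("not a Godot PCK (bad magic)")
    fmt, major, minor, patch = struct.unpack_from("<IIII", data, 4)
    if fmt != PCK_FORMAT_V1:
        raise ValueError(f"pack format {fmt} not supported by this reader (v1 only)")
    count = struct.unpack_from("<I", data, HEADER_LEN - 4)[0]
    pos = HEADER_LEN
    entries = []
    for _ in range(count):
        name_len = struct.unpack_from("<I", data, pos)[0]
        pos += 4
        path = data[pos:pos + name_len].rstrip(b"\0").decode("utf-8")
        pos += name_len
        offset, size = struct.unpack_from("<QQ", data, pos)
        pos += 16
        md5 = data[pos:pos + 16]
        pos += 16
        if offset + size > len(data):   # a directory record pointing past EOF is itself suspicious
            raise ValueError(f"entry {path!r} points outside the file")
        entries.append({
            "path": path, "offset": offset, "size": size, "md5": md5.hex(),
            "md5_ok": hashlib.md5(data[offset:offset + size]).digest() == md5,
        })
    return (major, minor, patch), entries


def find_script_entries(entries):
    """Paths inside the pack that carry executable GDScript, not plain assets."""
    return [e["path"] for e in entries if e["path"].lower().endswith(SCRIPT_SUFFIXES)]


def verify_pack(data, expected_sha256):
    """Compare the whole pack against a digest published out of band (e.g. in a signed manifest)."""
    return hashlib.sha256(data).hexdigest() == expected_sha256


# Constructed sample pack: one asset and one autoloaded script.
SAMPLE_FILES = {
    "res://icon.png": b"\x89PNG\r\n\x1a\n" + b"\0" * 16,
    "res://autoload/boot.gd": b"extends Node\nfunc _ready():\n\tpass\n",
}
SAMPLE_PCK = build_pck(SAMPLE_FILES)
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_PCK).hexdigest()   # stands in for the publisher's manifest value


def triage(data, expected_sha256):
    """One-shot report a distribution pipeline could run before shipping or loading a pack."""
    version, entries = list_pck(data)
    return {
        "engine_version": version,
        "files": [e["path"] for e in entries],
        "scripts": find_script_entries(entries),
        "md5_all_ok": all(e["md5_ok"] for e in entries),
        "manifest_ok": verify_pack(data, expected_sha256),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_PCK, SAMPLE_SHA256))
```

Run against a real distribution, the interesting outputs are a non-empty `scripts` list in a pack advertised as assets only, an entry whose offset runs past the end of the file, and a `manifest_ok` of False; the last one is the signal that a pack in a repository or download mirror no longer matches what the developer published.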
