I Found Malware in a BeamNG Mod
a year ago
- #reverse-engineering
- #cybersecurity
- #malware-analysis
- The author discovered malware in a BeamNG mod after noticing an antivirus alert for 'curl.exe'.
- Process Monitor and WinDbg were used to trace the malicious activity back to the mod 'American Road'.
- The malware exploited a Chromium vulnerability (CVE-2019-5825) to execute shellcode that downloads a malicious DLL.
- The DLL is an infostealer targeting browser passwords and the Exodus crypto wallet app.
- The infected mod was removed from the official repository, and the author's account was suspended.
- Users who installed the mod are advised to remove it, scan for malware, and change their passwords.
- The game's outdated Chromium Embedded Framework (a 2019 build) and its use of the '--no-sandbox' flag contributed to the exploit's success.
- The post highlights the importance of updating dependencies and removing unnecessary flags to prevent similar incidents.