 
                                  
                             
                            
                            
                                
- Check Point Research discovered a new technique that takes advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript code, which triggers malicious commands and delivers malware. The technique remains undetected by almost all antivirus engines in VirusTotal.
- Check Point identified GodLoader, a loader that employs this new technique. The threat actor behind this malware has been utilizing it since June 29, 2024, infecting over 17,000 machines.
- The malicious GodLoader is distributed by the Stargazers Ghost Network, a GitHub network that distributes malware as a service. Throughout September and October, approximately 200 repositories and over 225 Stargazers were used to legitimize the repositories distributing the malware.
- This new technique allows threat actors to target and infect devices across multiple platforms, such as Windows, macOS, Linux, Android, and iOS. 
- Check Point Research demonstrates how this multi-platform technique can successfully drop payloads in Linux and macOS.
- A potential attack can target over 1.2 million users of Godot-developed games. These scenarios involve taking advantage of legitimate Godot executables to load malicious scripts in the form of mods or other downloadable content. 
 
                     
                    
                 
             
        
     
    
    
 