Blitz Malware: A Tale of Game Cheats and Code Repositories
Summary
The entry point of the attack is a Windows executable file distributed within a gaming cheat package, which retrieves a downloader component of the Blitz malware.
The downloader then retrieves and installs the final bot payload, which gives the attacker broad control of the infected system, including capturing screenshots, logging keystrokes, collecting system information, and running an XMRig cryptocurrency miner.
The malware operator uses a Hugging Face Space to host C2 infrastructure and various versions of the malware’s components and configuration files.
The operator used multiple distribution methods, including spreading the malware through Discord and delivering it with legitimate software.
The operator also developed a “Blitz System Cleaner” tool to remove the downloader from infected systems.
The NJCCIC recommends that users protect against threats like this by considering cybersecurity awareness training for all staff to improve vigilance and resilience against social engineering tactics, by keeping systems up to date and patched, and by enabling malware detection and prevention tools.