
Trojanized Game Installers Spreading Cryptocurrency Miners in StaryDobry Cyber Attack: Protect Your Devices Now


A recent cybersecurity report reveals a large-scale malware campaign, dubbed StaryDobry by Kaspersky, which targets gamers through trojanized game installers. The scheme, which began on December 31, 2024, has spread infections primarily in countries like Russia, Brazil, and Germany. The attackers use popular games such as BeamNG.drive and Garry’s Mod to lure users into downloading malicious files that deploy the XMRig cryptocurrency miner. The attack involves uploading fake installers to torrent sites and using advanced evasion techniques, highlighting a growing threat to Windows users. The identity of the perpetrators remains unknown, although there are indications of involvement by Russian-speaking actors.



Feb 19, 2025 | The Hacker News | Windows Security / Malware

A New Malware Threat: StaryDobry Cryptocurrency Miner

As gaming continues to gain immense popularity, a new threat is lurking in the shadows. Users searching for popular games are being tricked into downloading malicious software that installs a cryptocurrency miner on their Windows machines. This threat, named StaryDobry, was discovered by Kaspersky, a Russian cybersecurity firm, and it has been causing significant issues since it first emerged in late December 2024.

The StaryDobry campaign has targeted users worldwide, with high levels of infection reported in countries including Russia, Brazil, Germany, Belarus, and Kazakhstan. Kaspersky researchers noted that this campaign cleverly targets gamers, who typically use powerful machines better suited for mining cryptocurrencies.

How the Attack Works

According to Kaspersky’s analysis, the attackers used popular games, such as BeamNG.drive and Garry’s Mod, as bait to distribute malicious installers. These installers, found on various torrent sites, are designed to look like regular game downloads, but they are malicious. Once downloaded and run, they execute a dropper that silently installs the miner while attempting to avoid detection by checking whether it is being analyzed in an analysis environment.

The miner utilized in this attack is a modified version of XMRig, optimized to work on systems with eight or more CPU cores. If the system does not meet this requirement, the miner does not activate, ensuring that the attackers only utilize powerful machines for their illegal activities. Interestingly, the mining process is directed to a private pool server set up by the attackers, rather than a public one, increasing their control over the operation.
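Because the pool is private, a blocklist of public pool hostnames will not match this traffic, so detection has to key on the shape of the protocol instead. The following is an added example, not code from Kaspersky or the original article: it assumes the modified miner still speaks stock XMRig's cleartext, newline-delimited Stratum JSON-RPC, and the flow dictionary, labels and sample payloads are constructed for illustration.

```python
import json

# Constructed sample: reassembled cleartext TCP payloads keyed by (src, dst, dport).
# Addresses are RFC 5737 documentation ranges; the wallet string is a placeholder.
SAMPLE_FLOWS = {
    ("192.0.2.10", "203.0.113.7", 8443): [
        b'{"id":1,"jsonrpc":"2.0","method":"login","params":'
        b'{"login":"WALLET_PLACEHOLDER","pass":"x","agent":"example"}}\n',
        b'{"jsonrpc":"2.0","method":"job","params":'
        b'{"blob":"00","job_id":"1","target":"ffff0000"}}\n',
    ],
    # Unrelated JSON API that also has a "login" method, with list params.
    ("192.0.2.10", "198.51.100.5", 80): [b'{"method":"login","params":["u","p"]}\n'],
    # Non-JSON bytes (start of a TLS record): nothing to inspect.
    ("192.0.2.11", "198.51.100.9", 443): [b"\x16\x03\x01\x02\x00\x01"],
}

def classify_stratum(line: bytes):
    """Label one newline-delimited message if it has miner Stratum shape, else None."""
    try:
        msg = json.loads(line.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return None
    params = msg.get("params") if isinstance(msg, dict) else None
    if not isinstance(params, dict):
        return None
    method = msg.get("method")
    if method == "login" and "login" in params:
        return "miner-login"
    if method == "submit" and {"job_id", "nonce", "result"} <= params.keys():
        return "share-submit"
    if method == "job" and {"blob", "target"} <= params.keys():
        return "pool-job"
    return None

def flag_flows(flows):
    """Return [(flow_key, labels)] for flows showing a miner login or share submission."""
    hits = []
    for key, payloads in flows.items():
        lines = b"".join(payloads).split(b"\n")
        labels = {lab for lab in map(classify_stratum, lines) if lab}
        # Pool-side job pushes alone are weaker evidence, so require a client message.
        if labels & {"miner-login", "share-submit"}:
            hits.append((key, sorted(labels)))
    return hits

if __name__ == "__main__":
    print(flag_flows(SAMPLE_FLOWS))
```

If the pool connection is wrapped in TLS, payload inspection sees nothing, and the process-level signals discussed in the next section become the primary indicator.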

Keeping Safe from StaryDobry

Given the rise of threats like StaryDobry, it’s essential for users to stay vigilant when downloading software, particularly from torrent sites. Always verify the source and consider using antivirus software to scan downloads before installation. Additionally, monitoring system processes can help detect any unusual activities suggestive of malware presence.

As the landscape of online threats evolves, awareness and proactive measures are key to maintaining security against increasingly sophisticated malware campaigns.

What is the StaryDobry attack?
The StaryDobry attack is a method where hackers spread fake game installers that secretly install a cryptocurrency miner on your computer. This can make your device slow and use up a lot of resources without you knowing.

How does a Trojanized game installer work?
A Trojanized game installer is a fake game setup file that looks real. When you run it, it secretly installs harmful software, like a cryptocurrency miner, instead of the game you wanted.

What are the signs of a Trojanized game installer?
Signs include slow computer performance, high CPU usage, and unexpected pop-ups or crashes. If a game installer looks suspicious or comes from an untrustworthy source, it could be a Trojan.

How can I protect myself from these attacks?
To protect yourself, only download games from official websites or trusted sources. Use antivirus software and keep it updated. Also, be careful with links and emails that offer free downloads.

What should I do if I think I’ve been infected?
If you suspect you’ve been infected, disconnect your internet and run a full antivirus scan on your computer. Remove any suspicious programs and consider seeking professional help if you can’t fix it yourself.
