Gaming mods and cheat engines are being weaponized to target gamers in new malware campaigns.
On Wednesday, researchers from Cisco Talos said the gaming tools are being used to deploy a cryptor — code designed to prevent reverse-engineering or analysis — for a variety of malware strains, the majority of which appear to be Remote Access Trojans (RATs). The attack wave is focused on compromising the systems of gamers and modders.
The initial attack vector begins with malvertising — adverts that lead to malicious websites or downloads — as well as YouTube how-to videos focused on game modding that link to malicious content.
There is already a vibrant marketplace for cheats and mods. Online gaming is now an industry worth millions of dollars — only propelled further with the emergence of competitive e-sports — and so some gamers will go so far as to purchase cheats to give them an edge. Developers have upped their game, too, and will often upload their creations to VirusTotal to see if files are flagged as suspicious or malicious.
The risk in downloading system-modifying files is nothing new and the latest campaign only carries on the trend. Cheats, cheat engines, and mods have been found that contain cryptors able to hide RAT code and backdoors through multiple layers of obfuscation.
Once a malicious mod or cheat has been downloaded and installed on a target machine, a dropper injects code into a new process to circumvent basic antivirus tools and detection algorithms.
The malware is then able to execute. Samples tracked so far include the deployment of XtremeRAT, an information stealer that has been associated with spam campaigns and the deployment of Zeus variants.
Cisco Talos notes that the cryptor uses Visual Basic 6, shellcode, and process injection techniques to make analysis difficult.
“As workers continue to operate remotely during the COVID-19 pandemic and mix work with their private computer usage, enterprises are even more likely to be attacked by compromised personal PC equipment belonging to their employees,” the researchers say. “Employees will sometimes download modding tools or cheat engines from questionable sources to tweak their PC or games running on the same machine they use for their job.”
The Australian Signals Directorate published a sobering report, The Commonwealth Cyber Security Posture in 2020, on Thursday, with one of the bright spots being the use of scanning by the Australian Cyber Security Centre (ACSC).
Under its Cyber Hygiene Improvement Programs (CHIPs), the ACSC was able to identify vulnerable, internet-exposed MobileIron systems across Commonwealth, state and territory, and local governments.
“The ACSC notified all government entities operating vulnerable devices of the device details, the critical vulnerability and the urgent need to patch or otherwise mitigate the risk,” the report said. “This timely and actionable information from the ACSC allowed some government entities to pre-empt adversary exploitation of their MobileIron devices, in one case by hours.”
The report said the 2020 MobileIron and Citrix vulnerabilities had some of the quickest turnarounds before exploitation attempts began to appear.
“Reporting showed adversaries attempting to exploit these vulnerabilities within days of proof-of-concept codes being publicly released,” it said. “Organisations that cannot patch their internet-facing services in a very timely manner, especially legacy VPNs and websites, must improve their patching capability. Adopting software-as-a-service or platform-as-a-service cloud approaches to internet-facing services may assist.”
Elsewhere, the report said while in absolute terms the cyber posture of Commonwealth entities was improving, the shift was glacial in 2020. For instance, the report said entities were improving application hardening, but only 12% of entities got better. Similarly, 10.5% were doing application control properly, and 9.5% more entities could say they were restricting admin privileges properly.
The blame for the slow pace was placed with entities continuing to use obsolete and unsupported operating systems and applications, not embracing cloud services, organisations not having fast or flexible modernisation strategies, a cyber skills shortage, and organisations continuing to “misunderstand, misinterpret and inconsistently” the Essential Eight.
In a government response tabled on Wednesday, the government is considering making the Essential Eight essential for its entities.
Restricting adherence to merely the Top Four of the Essential Eight showed 11% of organisations self-reported at the lowest level of compliance, followed by 55% at the second step of the four-step system, with 33% at the third level, and only 1% being fully compliant. The policy with the lowest level of maturity was “safeguarding information from cyber threats”.
On the plus side, CHIPs is now able to track “cyber hygiene indicators” across 71,300 active Commonwealth government domains, an improvement of 54,300 domains in the year from February 2020, and covers the sites of 187 entities.
Across 2020, CHIPs gained the ability to scan for encrypted email use; whether government sites were running up-to-date software, displaying default websites or using expired certificates; scanning for critical vulnerabilities; and advising government entities at all levels on services they have open to the wider internet.
During the year, ACSC created a Protective Domain Name System that blocks domains associated with malware, ransomware, phishing attacks, and other malicious content.
“Under the pilot, the ACSC processed approximately 2 billion queries from eight Commonwealth entities over the period from April to December 2020 — and blocked 4683 unique malicious cyber threats, preventing over 150,000 threat events,” the report said. “In 2021–22, the capability will be offered to all Commonwealth entities.”
The report stated approximately one quarter of entities are now using DMARC to prevent email spoofing.
Across the year, ACSC said it responded to 434 cyber incidents, of which 46% were self-reported and the remainder were found through “ACSC investigations, reporting from international partners and third parties, and analysis of a variety of classified and open-source material”.
The next report will be handed to government in November 2022 and cover from January 2021 to June 2022. From 2023, the reports will focus on cyber posture across a single financial year.
Xiaomi has filed a legal action against the US Defense and Treasury departments that seeks to remove itself from the country’s official list of Communist Chinese military companies (CCMC).
The Department of Defense added Xiaomi onto the list in mid-January after it accused the company of “appearing to be [a] civilian entity” in order to procure advanced technologies in support of the modernisation goals of the Chinese military.
In the legal complaint [PDF], Xiaomi said it filed the lawsuit as the CCMC designation would cause “immediate and irreparable harm to Xiaomi”, including by cutting off Xiaomi’s access to US capital markets.
It added that the restrictions would interfere with the company’s business relationships and ability to conduct and expand its business, as well as harm its reputation and goodwill among business partners and consumers, both in the United States and around the world.
Companies placed on the CCMC list are subject to a Donald Trump executive order that came into force in November last year. The executive order prohibits US persons from trading and investing in any of the listed companies and bans trading in any new companies once the US has placed the CCMC label on them.
As a result, people in the US will no longer be able to purchase publicly traded Xiaomi securities or derivatives of those securities from March 15 onwards and must divest any holdings by January 14 next year.
Xiaomi in the complaint also accused the US departments of designating the company as a CCMC without providing reasoned explanations.
“Xiaomi would not be subject to these harms but for Defendants’ unlawful designation of Xiaomi as a CCMC, and the resulting restrictions under Executive Order 13959,” the company said.
It explained that more than 75% of the voting rights in the company are held by co-founders Lei Jun and Bin Lin and that various Xiaomi shareholders were US companies, such as BlackRock and The Vanguard Group.
The lawsuit follows Xiaomi releasing a statement last month proclaiming it had no ties with the Chinese military.
“The company confirms that it is not owned, controlled, or affiliated with the Chinese military, and is not a ‘Communist Chinese military company’ defined under the NDAA,” the company said.
In recent weeks, US entities, such as the New York Stock Exchange, have struggled to handle the consequences and interpretation of the CCMC list. Across the month of January, the exchange said it would delist a trio of Chinese telcos, before changing its mind, and then it reverted to its original decision.
Other Chinese companies currently on the list include Huawei, Hikvision, Inspur, Panda Electronics, and Semiconductor Manufacturing International Corporation.
As Xiaomi prepares to enter into a legal stoush with the US government, the company has simultaneously launched a new form of charging that it touted can remotely charge electronic devices without any cables or wireless charging stands.
Labelled as Mi Air Charge, the technology is a “charging pile” that uses 144 antennas to transmit millimetre-wide waves to charge smartphones. These waves can only be transmitted by smartphones that have a built-in “beacon antenna”, however, which is what allows for devices to receive the charging waves.
The remote charging technology can provide 5-watt charging for various devices at the same time within a radius of several metres, Xiaomi said. Currently, devices like the OnePlus 8T can provide up to 65-watt charging through cables.