Gamers and VPN services

The hackers are using a certificate belonging to PMG PTE LTD, a Singaporean vendor of the VPN product 'Ivacy VPN', targeting Ivacy VPN as used in the Southeast Asian gaming community specifically. However, there are no guarantees that the built-in "geo-fencing" restrictions purported to be built into the malware work, as stated in the article.


My specific warning to everyone is the following from the article:

DLL side-loading

The attacks begin with dropping .NET executables (agentupdate_plugins.exe and AdventureQuest.exe) on the target system, likely via trojanized chat apps, that fetch password-protected ZIP archives from Alibaba buckets.

The AdventureQuest.exe malware sample was first found by security researcher MalwareHunterTeam in May, when they noted that the code-signing certificate was the same as one used for official Ivacy VPN installers.

These archives contain vulnerable software versions like Adobe Creative Cloud, Microsoft Edge, and McAfee VirusScan, which are susceptible to DLL hijacking. The Bronze Starlight hackers use these vulnerable applications to deploy Cobalt Strike beacons on targeted systems.

The malicious DLLs (libcef.dll, msedge_elf.dll, and LockDown.dll) are packed inside the archives alongside the legitimate program executables, and Windows prioritizes their execution against safer versions of the same DLL stored in C:\Windows\System32, hence allowing malicious code to run.

End statement: if you are a gamer in any geo-location, be vigilant.


MS Certified Professional : Windows 11 Home/Pro 23H2 x 64 build 22631.2792 / Windows 10 Pro x 64 version 22H2 / build 19045.3758 / Norton Security Ultra - Norton 360 Deluxe ver. / Opera GX LVL5 (core: 104.0.4944.70) 64 bit-Early Access w/Norton Chrome Extensions / Android 14 One UI 6.1
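Added example, not from the article or the post above: a defender-side PowerShell audit of the side-loading condition the article describes. For every directory under the given roots that contains an .exe, it lists the DLLs sitting next to that executable and reports the ones that are unsigned or have a broken Authenticode signature, are signed by a publisher other than the host .exe's, share a file name with a DLL in C:\Windows\System32 (the search-order shadowing the quoted text explains), or match the DLL names quoted from the article. The root folders, the helper name Get-SignerName and the report layout are my own choices, not anything from the article.

```powershell
# Added audit script (assumed layout, not the article's code): flag DLLs that sit beside an
# executable and look like side-loading candidates. Run from an elevated PowerShell prompt.
param(
    # Roots to walk; adjust for your machine (assumption: typical per-machine and per-user app folders)
    [string[]]$Roots = @("$env:ProgramFiles", "${env:ProgramFiles(x86)}", "$env:LOCALAPPDATA"),
    # DLL names quoted in the article; any hit on these is reported regardless of signature
    [string[]]$WatchList = @('libcef.dll', 'msedge_elf.dll', 'LockDown.dll')
)

# Names of DLLs that live in System32: a same-named DLL in an app folder wins the search order
$system32 = Join-Path $env:SystemRoot 'System32'
$sysDllNames = @{}
Get-ChildItem -Path $system32 -Filter '*.dll' -File -ErrorAction SilentlyContinue |
    ForEach-Object { $sysDllNames[$_.Name.ToLowerInvariant()] = $true }

function Get-SignerName([string]$Path) {
    # Subject of the signing certificate when the signature is valid, otherwise an empty string
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -eq 'Valid' -and $sig.SignerCertificate) { return $sig.SignerCertificate.Subject }
    return ''
}

$findings = foreach ($root in $Roots) {
    if ([string]::IsNullOrEmpty($root) -or -not (Test-Path -LiteralPath $root)) { continue }
    # One entry per directory that hosts at least one executable
    $hostDirs = Get-ChildItem -Path $root -Filter '*.exe' -File -Recurse -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty DirectoryName -Unique
    foreach ($dir in $hostDirs) {
        # Publishers that signed the executables in this folder (empty when none are validly signed)
        $exeSigners = Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -ErrorAction SilentlyContinue |
            ForEach-Object { Get-SignerName $_.FullName } | Where-Object { $_ } | Sort-Object -Unique
        foreach ($dll in Get-ChildItem -LiteralPath $dir -Filter '*.dll' -File -ErrorAction SilentlyContinue) {
            $sig = Get-AuthenticodeSignature -FilePath $dll.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            $reasons = @()
            if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
            elseif ($exeSigners -and ($exeSigners -notcontains $signer)) { $reasons += 'signer differs from host exe' }
            if ($sysDllNames.ContainsKey($dll.Name.ToLowerInvariant())) { $reasons += 'shadows a System32 DLL' }
            if ($WatchList -contains $dll.Name) { $reasons += 'name on watch list' }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Dll     = $dll.FullName
                    Signer  = $signer
                    Reasons = ($reasons -join '; ')
                    SHA256  = (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash
                }
            }
        }
    }
}

$findings | Sort-Object Reasons | Format-Table -AutoSize -Wrap
```

Expect plenty of benign hits: many legitimate programs ship unsigned helper DLLs or their own copies of System32 names. The combination worth a closer look is a validly signed host executable (the Adobe, Edge or McAfee binaries the article names, for instance) sitting in an unusual folder such as a user profile or a temp directory, next to a DLL that is unsigned or signed by someone other than that executable's publisher. The SHA256 column is there so that such a DLL can be checked against your vendor's or a threat-intel service's known-bad lists, and the Signer column lets you spot a legitimate-looking certificate being reused on files it has no business signing, which is exactly the Ivacy VPN certificate situation the post describes.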