Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Malicious Game Cheats Give Hackers Remote Access to PCs

Malicious Game Cheats Give Hackers Remote Access to PCs

Posted on July 15, 2026 By CWS

Recent research has unveiled a troubling cybersecurity threat targeting gaming communities. Hackers have embedded 11 malicious NuGet packages in what appear to be game cheats and management tools for popular online games. The affected games include Albion Online, GTA5RP, GrandRP, Majestic RP, and Throne and Liberty. Once installed, these packages enable attackers to gain remote control over users’ Windows PCs, capturing live screenshots and compromising sensitive data.

How the Attack Works

This malicious campaign employs a sophisticated two-stage attack method. Initially, a .NET tool downloader is used, followed by the deployment of a Python payload through PyInstaller. The campaign utilizes .NET command-line tools classified under the DotnetTool package type. These tools act as first-stage components that download and execute a Windows executable named pepesoft.exe.

To circumvent local systems and network DNS protections, the downloader uses DNS-over-HTTPS to resolve GitHub hosts. Additionally, most samples request User Account Control (UAC) elevation to sync the Windows clock before downloading the main payload.

Technical Infrastructure and Threat Analysis

All involved downloaders share identical AWS-style credentials and a common process mutex GUID, linking them to a centralized toolchain. These credentials are passed to the secondary payload via environment variables, enabling the malware to configure its cloud storage engine without embedding secrets directly.

Research indicates a rising trend in credential-harvesting malware targeting open-source repositories. Once operational on a compromised machine, pepesoft.exe connects to Google Sheets to log victim data, including hardware specifics, system hostnames, and geolocation. This enables the operator to manage infected systems using a centralized kill switch.

Impact and Evidence

The attack affects various game titles, with some payloads delivered as Python bytecode, featuring Telegram bot command integration. These commands can trigger unauthorized screenshot captures, exfiltrating visible data from password managers, browser sessions, and more.

The PyArmor-protected payloads reroute blocked Google Sheets traffic via authenticated proxies, further complicating network-level defenses. Some variants alter Windows Installer policies to execute destructive cleanup routines upon exit.

Indicators such as Russian-language console output and targeting of Russian-speaking gaming communities suggest a Russian-speaking operator is behind this campaign. These findings have been reported to the NuGet security team for urgent action.

This threat highlights the critical need for vigilance in cybersecurity, especially within gaming communities. Users are advised to be wary of downloading tools from untrusted sources and to employ robust security measures to protect their systems.

Cyber Security News Tags:credential harvesting, Cybersecurity, game cheats, Gaming, Malware, NuGet packages, Phishing, Python payload, remote access, Windows security

Post navigation

Previous Post: Cloud & Data Security Summit: Key Insights Today
Next Post: Critical Security Updates Released for Major Software

Related Posts

Android Security Update – Patch for Vulnerabilities that Allows Privilege Escalation Cyber Security News
New JSCEAL Attack Targeting Crypto App Users To Steal Credentials and Wallets New JSCEAL Attack Targeting Crypto App Users To Steal Credentials and Wallets Cyber Security News
FIN6 Hackers Mimic as Job Seekers to Target Recruiters with Weaponized Resumes FIN6 Hackers Mimic as Job Seekers to Target Recruiters with Weaponized Resumes Cyber Security News
Massive Data Breach at Cognizant’s TriZetto Affects Millions Massive Data Breach at Cognizant’s TriZetto Affects Millions Cyber Security News
Claude’s New Feature Simplifies AI Memory Transfer Claude’s New Feature Simplifies AI Memory Transfer Cyber Security News
5,000+ Fake Online Pharmacies Websites Selling Counterfeit Medicines 5,000+ Fake Online Pharmacies Websites Selling Counterfeit Medicines Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Dell Patches Critical PowerProtect Flaws Allowing Remote Access
  • Windows Bind Link Exploits Bypass EDR Detection
  • Critical Security Updates Released for Major Software
  • Malicious Game Cheats Give Hackers Remote Access to PCs
  • Cloud & Data Security Summit: Key Insights Today

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Dell Patches Critical PowerProtect Flaws Allowing Remote Access
  • Windows Bind Link Exploits Bypass EDR Detection
  • Critical Security Updates Released for Major Software
  • Malicious Game Cheats Give Hackers Remote Access to PCs
  • Cloud & Data Security Summit: Key Insights Today

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark