Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Malicious Game Cheats Give Hackers Remote Access to PCs

Malicious Game Cheats Give Hackers Remote Access to PCs

Posted on July 15, 2026 By CWS

Recent research has unveiled a troubling cybersecurity threat targeting gaming communities. Hackers have embedded 11 malicious NuGet packages in what appear to be game cheats and management tools for popular online games. The affected games include Albion Online, GTA5RP, GrandRP, Majestic RP, and Throne and Liberty. Once installed, these packages enable attackers to gain remote control over users’ Windows PCs, capturing live screenshots and compromising sensitive data.

How the Attack Works

This malicious campaign employs a sophisticated two-stage attack method. Initially, a .NET tool downloader is used, followed by the deployment of a Python payload through PyInstaller. The campaign utilizes .NET command-line tools classified under the DotnetTool package type. These tools act as first-stage components that download and execute a Windows executable named pepesoft.exe.

To circumvent local systems and network DNS protections, the downloader uses DNS-over-HTTPS to resolve GitHub hosts. Additionally, most samples request User Account Control (UAC) elevation to sync the Windows clock before downloading the main payload.

Technical Infrastructure and Threat Analysis

All involved downloaders share identical AWS-style credentials and a common process mutex GUID, linking them to a centralized toolchain. These credentials are passed to the secondary payload via environment variables, enabling the malware to configure its cloud storage engine without embedding secrets directly.

Research indicates a rising trend in credential-harvesting malware targeting open-source repositories. Once operational on a compromised machine, pepesoft.exe connects to Google Sheets to log victim data, including hardware specifics, system hostnames, and geolocation. This enables the operator to manage infected systems using a centralized kill switch.

Impact and Evidence

The attack affects various game titles, with some payloads delivered as Python bytecode, featuring Telegram bot command integration. These commands can trigger unauthorized screenshot captures, exfiltrating visible data from password managers, browser sessions, and more.

The PyArmor-protected payloads reroute blocked Google Sheets traffic via authenticated proxies, further complicating network-level defenses. Some variants alter Windows Installer policies to execute destructive cleanup routines upon exit.

Indicators such as Russian-language console output and targeting of Russian-speaking gaming communities suggest a Russian-speaking operator is behind this campaign. These findings have been reported to the NuGet security team for urgent action.

This threat highlights the critical need for vigilance in cybersecurity, especially within gaming communities. Users are advised to be wary of downloading tools from untrusted sources and to employ robust security measures to protect their systems.

Cyber Security News Tags:credential harvesting, Cybersecurity, game cheats, Gaming, Malware, NuGet packages, Phishing, Python payload, remote access, Windows security

Post navigation

Previous Post: Cloud & Data Security Summit: Key Insights Today

Related Posts

Telnyx Python SDK Backdoored by Hackers to Steal Credentials Telnyx Python SDK Backdoored by Hackers to Steal Credentials Cyber Security News
Hackers Exploit Claude Code to Steal OAuth Tokens Hackers Exploit Claude Code to Steal OAuth Tokens Cyber Security News
How To Get Real-Time IOCs From Incidents Across 15K SOCs  How To Get Real-Time IOCs From Incidents Across 15K SOCs  Cyber Security News
Mirax Android Malware Poses Dual Threat to Users Mirax Android Malware Poses Dual Threat to Users Cyber Security News
Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure Cyber Security News
New EDR-Redir Tool Breaks EDR Exploiting Bind Filter and Cloud Filter Driver New EDR-Redir Tool Breaks EDR Exploiting Bind Filter and Cloud Filter Driver Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Malicious Game Cheats Give Hackers Remote Access to PCs
  • Cloud & Data Security Summit: Key Insights Today
  • AI Challenges SASE Security: New Strategies Needed
  • Chrome 150 Update Fixes Critical Security Flaws
  • US Indicts Russians for Cybercrime Operations

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Malicious Game Cheats Give Hackers Remote Access to PCs
  • Cloud & Data Security Summit: Key Insights Today
  • AI Challenges SASE Security: New Strategies Needed
  • Chrome 150 Update Fixes Critical Security Flaws
  • US Indicts Russians for Cybercrime Operations

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark