A malware loader, now named GodLoader, has been observed to be using Godot, a free and open-source game engine, as its runtime to execute malicious codes and has dropped known malware on at least 17,000 machines.
Unaware users of the engine — which helps create 2D and 3D games and deploy them across various platforms including Windows, macOS, Linux, Android, iOS, and web browsers — are tricked into downloading the loader posing as legitimate cracks for the paid software.
“Check Point Research discovered a new technique taking advantage of Godot Engine, a popular open-source game engine, to execute crafted GDScript, code which triggers malicious commands and delivers malware,” said the researchers credited with the discovery in a blog. “The technique remains undetected by almost all antivirus engines in VirusTotal.”