In a recent discovery, Cyble Research and Intelligence Labs (CRIL) has detected a deceptive GitHub page that masquerades as a PUBG bypass hack project.
Unsuspecting users who download the project’s solution file (.sln) unknowingly become victims of a malicious information-stealing malware called “Legion Stealer.”
By executing the solution file (.sln), users inadvertently invite the Legion Stealer, an insidious information-stealing malware, onto their systems.
Legion Stealer is a malicious program that steals sensitive information from the victim’s computer.
It performs various actions to avoid detection and gather data, such as manipulating Windows Defender settings, extracting information from the registry, and collecting system details like the operating system, RAM size, and CPU information.
It also targets web browsers, extracting passwords and cookies, and searches for cryptocurrency wallets, Minecraft session files, and data from messaging applications.
The stolen data is compressed and sent to a Discord server through webhooks.
PUBG bypass hacks and malicious GitHub repositories
Malicious actors have been found using various tactics to deceive users on GitHub. They create repositories that outwardly appear useful or legitimate, luring unsuspecting victims into cloning or downloading them.
However, beneath the surface, these repositories house concealed malware and hidden code.
With enticing names and descriptions, the repositories masquerade as genuine projects or offer valuable tools, tricking users into executing malicious code.
Victims to these repositories become vulnerable to malware infections.
“Hacks such as these can allow players to see through walls, automatically aim at opponents, move faster than normal, and perform other actions that are not possible within the regular gameplay mechanics of the game,” said the CRIL report.
“Using bypass hacks is against the game’s terms of service and can result in penalties, including temporary or permanent bans.”
When users visit the “PUBG-Karogour-Bypass-NO-BAN” GitHub page and click on the “Download ZIP” option, they save a file to their computer.
This file contains different types of files, such as source code, project files, icons, and resources. One of these files, named “Karogour_BypasrcS.sln,” appears to be a solution file for a C# project but is actually a harmful executable file.
When the “Karogour_BypasrcS.sln” file is executed, it secretly drops two other files called “Local_ycsNYnaBZ.sln” and “LocalchfRgyVJSk.exe” in a hidden location on the computer.
The “Local_ycsNYnaBZ.sln” file opens in the Visual Studio editor to deceive the user, while the “LocalchfRgyVJSk.exe” file runs in the background without the user’s knowledge.
This hidden file is identified as the Legion Stealer malware payload.
Understanding PUBG bypass hacks and their implications
PUBG’s popularity has made it a regular entry in cybersecurity news.
A type of ransomware spotted in 2018 encrypted various types of files, such as images, music, and documents, and holds them hostage until a specific condition is met.
In this case, the condition is playing the game Playerunknown’s Battlegrounds (PUBG) for one hour. Only after fulfilling this requirement will the ransomware release the encrypted files.
A PUBG bypass hack refers to an illicit method employed by players to gain an unfair advantage over others in the popular battle royale game.
These hacks are designed to circumvent the game’s security measures and anti-cheat systems, granting players access to various cheats and exploits such as aimbots, wallhacks, and speed hacks.
However, the use of bypass hacks is strictly prohibited by the game’s terms of service and can result in severe consequences, including temporary or permanent bans.
GitHub, known as a reliable web platform for version control and collaborative software development projects, finds itself caught in a double bind.
While it effectively facilitates legitimate code sharing and collaboration, it also becomes an attractive hub for Threat Actors (TAs) to disseminate malware, backdoors, and exploits through repositories.
The very nature of GitHub, designed for seamless collaboration, can be exploited by malicious actors to trick unsuspecting users into downloading and executing their hidden payloads, warned the CRIL report.
To protect yourself from such attacks, it is important to be cautious when downloading files and to avoid sources that are not trustworthy, the report advised.
“Regularly clear your browsing history and change passwords to minimize the risk of compromise,” a CRIL researcher told The Cyber Express.
According to the researcher, enabling automatic software updates on your devices to getting the latest security patches also helps in a great way.
“Install reputable antivirus and internet security software to protect your devices from malware. Be vigilant and avoid clicking on untrusted links or opening email attachments without verifying their authenticity,” the researcher added.
