
CounterStrike gamers looking for an advantage over their competition might be in for a surprise this Christmas, as there's a booby-trapped cheat tool going around that will overwrite their hard drive MBR (Master Boot Record) and prevent their computers from booting.

 

Discovered by a Twitter user who goes by the name of @YoureMom696 and analyzed by @MalwreHunterTeam, this malicious package is spread around as the source code of a CounterStrike: Global Offensive (CS:GO) hacking application named ExternalCounterstrike.

 

Below is the content of the ExternalCounterstrike archive [without the "fuck_mpgh.exe" file, which is downloaded at a later stage; more on this later].

[Image: contents of the ExternalCounterstrike archive]

 

"When you open the solution [.sln] file, it loads the .csproj file, which executes a PowerShell command, which downloads and runs the [fuck_mpgh.exe] binary," MalwareHunter, a security researcher with the MalwareHunterTeam, told Bleeping Computer.

 


 

This EXE file rewrites the user's hard drive MBR (Master Boot Record) with a custom boot routine that only shows a piece of text, as portrayed below. The text reads:

 

Multiplayer Game Hacking

As you reboot, you find that something has overwritten your MBR!

It is a sad thing your adventures have ended here.

This is the result of the incompetent file analyzers from MPGH.

If you need cheats, use something else than MPGH.

Greetings from ULLR. <3

 

The message references MPGH, which stands for "MultiPlayer Game Hacking & Cheats," a well-known forum for downloading gaming cheats.

 

Taking into account the message's anti-MPGH tone and the name of the second-stage EXE download (fuck_mpgh.exe), it's very likely that a malware author is trolling the MPGH forum and its users, infecting the ones looking for new CS:GO cheating tools with an MBR-hijacker.

 

Connection to the Fosshub incident?

 

The MBR boot message is eerily similar to another incident that took place over the summer when a hacker from the Peggle Crew had breached Fosshub and embedded malware inside the files hosted on the website.

 

The malware that was delivered via Fosshub was also rewriting MBR boot sectors with a custom message, similar to the one found inside ExternalCounterstrike.

 


 

 

 

Source:

https://www.bleepingcomputer.com/news/security/counterstrike-hacking-tool-overwrites-cheaters-hard-drive-mbr/
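
Because the chain described above starts when the project file is loaded, a downloaded .csproj is worth reading as text before the solution is opened. The following is an added example, not code from the article or from the archive: it lists every command an MSBuild project can run, assuming the command sits in an Exec task or a pre/post-build event (the article does not say which mechanism was used); the sample project, its target name and the placeholder command are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample project (not the file from the archive); the command is a placeholder.
SAMPLE_CSPROJ = """<Project DefaultTargets="Build"
    xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup>
    <PreBuildEvent>echo building</PreBuildEvent>
  </PropertyGroup>
  <Target Name="Prep" BeforeTargets="CoreCompile">
    <Exec Command="powershell -WindowStyle Hidden -Command &quot;placeholder&quot;" />
  </Target>
</Project>"""

# Interpreters and download helpers that rarely belong in a build step.
SUSPICIOUS = re.compile(
    r"powershell|pwsh|cmd(\.exe)?\s+/c|certutil|bitsadmin|mshta|"
    r"DownloadFile|DownloadString|Invoke-WebRequest", re.IGNORECASE)

def find_command_hooks(csproj_text):
    """Return (kind, target, command, suspicious) for every command the project can run."""
    findings = []

    def walk(node, target):
        name = node.tag.rsplit("}", 1)[-1]   # drop the XML namespace, if any
        if name == "Target":
            target = node.get("Name")        # remember which target encloses an Exec
        if name == "Exec":
            command = node.get("Command", "")
        elif name in ("PreBuildEvent", "PostBuildEvent"):
            command = (node.text or "").strip()
        else:
            command = None
        if command:
            findings.append((name, target, command, bool(SUSPICIOUS.search(command))))
        for child in node:
            walk(child, target)

    walk(ET.fromstring(csproj_text), None)
    return findings

if __name__ == "__main__":
    for kind, target, command, suspicious in find_command_hooks(SAMPLE_CSPROJ):
        flag = "SUSPICIOUS" if suspicious else "review"
        print(f"[{flag}] {kind} (target={target}): {command}")
```

Any hit deserves a manual read, flagged or not. Files the project pulls in through Import elements (.targets, .props) can carry the same hooks and need the same check.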
