PipeMon

Description

(ESET) In February 2020, we discovered a new, modular backdoor, which we named PipeMon. Persisting as a Print Processor, it was used by the Winnti Group against several video gaming companies that are based in South Korea and Taiwan and develop MMO (Massively Multiplayer Online) games. Video games developed by these companies are available on popular gaming platforms and have thousands of simultaneous players.

In at least one case, the malware operators compromised a victim’s build system, which could have led to a supply-chain attack, allowing the attackers to trojanize game executables. In another case, the game servers were compromised, which could have allowed the attackers to, for example, manipulate in-game currencies for financial gain.

Names

Name
PipeMon

Category

Malware

Type

• Backdoor

Information

• https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/

Mitre Attack

• https://attack.mitre.org/software/S0501/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.pipemon

Other Information

Uuid

6e57fffd-aa82-4059-b3a3-9b8b8d2d834c

Last Card Change

2022-12-30