OverwriteMBR Poses as a CS:Go Cheat Tool
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
Computer security researchers uncovered a dangerous new virus that poses as a Counter Strike: Global Offensive (CS:GO) cheating tool called ExternalCounterstrike.
The threat is being distributed in archive file posing as source code for the hacking program. Its contents include the following:
- ExternalCounterstrike Folder
- packages Folder
- ExternalCounterstrike.sln file
- fuck_mpgh.exe executable file
The executable binary file named fuck_mpgh.exe is downloaded at a later stage. When the user opens up the archive initially he can open the .sln file. It contains a .csproj file which issues a PowerShell command which is used to download the binary. It is then executed.
The OverwriteMBR is then executed which compromises the user’s Master Boot Record with a custom boot routine which displays the following text:
Multiplayer Game Hacking
As you reboot, you find that something has overwritten your MBR!
It is a sad thing your adventures have ended here.
This is the result of the incompetent file analyzers from MPGH.
If you need cheats, use something else than MPGH.
Greetings from ULLR. <3
The messages include a reference to the MPGH forum which is used to download gaming cheats.
OverwriteMBR Distribution
The OverwriteMBR malware’s message is very similar to another incident that occurred in the summer. The hacker collective Peggle Crew breached the Fosshub site and and placed malware inside the hosted software packages. They rewrote the MBR boot records with a custom message that bears a striking resemblance to this threat.
AS YOU REBOOT YOU FIND THAT SOMETHING HAS OVERWRITTEN YOUR MBR!
IT IS A SAD THING YOUR ADVENTURES HAVE ENDED HERE!DIRECT ALL HATE TO PEGGLECREW (@CULTOFRAZER ON TWITTER)
GREETZ:
ECLIPSO, BURSV, CONFLICT, WIZARDS OF THE COAST, JEWINVADER
LAGFISH, ROLAND, JOSH BURRESS, JACOB GRUENTZEL, AF, TERIDAX
JOHN CENA, ETHAN RALPH, VINCE (RIP)
The malware attacks compromised victims located in the United Kingdom.
To protect yourself from such attacks you should never download any software from untrusted sites. Sites, forums and torrent trackers that distributed mods, cheats and other game supplements are notorious for distributing malware files. We highly recommend that you use a trusted anti-spyware solution to remove potential threats from your computer and protect it in the future .
SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter
Images source: Bleeping Computer