New PipeMon malware uses Windows print processors for persistence
The Winnti hacking group has again targeted video game companies, this time in a campaign that uses PipeMon, a modular backdoor identified earlier this year. PipeMon was discovered on servers belonging to developers of massively multiplayer online (MMO) games.
Winnti has been active since 2011, with most of its victims in the video game and software industries. The group has also been known, infrequently, to target healthcare and education organizations. Winnti is best known for supply chain attacks that involve trojanizing popular software such as Asus LiveUpdate, CCleaner, and NetSarang. The campaign was discovered in February, when researchers noticed two variants of the malware on servers of massively multiplayer online games from South Korea and Taiwan.