Battlefield 6 Bootleg Comes with Crypto Theft Malware Giveaway

Bitdefender warns of bootleg Battlefield 6 game. Comes with crypto theft malware giveaway.

Reputed to be a bootleg video game or trainer, there is a strong possibility that there may be a giveaway or a malicious program like malware, as in this news.

According to a report by the official website of the anti-virus developer, Bitdefender has mentioned the detection of an impersonation of the video game Battlefield 6, the latest installment of the Battlefield series, a popular 1st-person shooter video game (FPS or First Person Shooting) from the EA camp (Electronic Arts). In this impersonation, there are three different formats:

Battlefield 6's fake (Trainer) game cheat program

This fake game cheat program comes from a fake website called https [:] / / flingtrainer [.] io /), and it can come from other websites that have been drugged by hackers. These websites appear when the word "Battlefield 6 trainers" is searched on Google. The file contains anonymous malware. The source simply indicates that it is a malware type that steals data from the victim's machine or a small, unsophisticated Infostealer. It does not use code to harass the Obfuscation system, but has the ability to steal a variety of data. The malware is capable of stealing data as follows:

The data of the kerrency script wallet in add-on form on Chrome web browsers like iWallet and Yoroi.

Session Cookie and Cryptokerrency Wallet Applications on Chrome, Edge, Firefox, Opera, Brave, Vivaldi, and WaveBrowser Web Browsers

Token, Usage and Password to Use Discord Chat Application

All stolen data is sent to IP number 198 [.] 251 [.] 84 [.] 9 via the HTTP protocol with a non-encrypted message (Plaintext).

Cracked version of the Battlefield 6 video game file "Battlefield 6.GOG-InsaneRamZes"

This file also has malware latency. It is a cracked video game file that has been released for download on the Torrent file sharing network. Although the type is not clearly specified, it is also expected to be a smuggling type of malware. It is expected that the malware will act to steal passwords from web browsers and chat applications like Discord. In addition, the malware has many interesting capabilities, such as

The ability to choose a location to attack without attacking a machine in Russia or the former Soviet Union with local codes on systems like RU, AM, AZ, BY, KZ, KG, LT, and UZ to prevent being hunted down makes this malware expected to come from Russia.

The ability to detect (Hash) Windows API keys from system DLL files such as GetSystemDefaultLCID, GetLocaleInfoW, and GetUserGeoID to be stored for later use.

Anti-Sandbox protection by using test functions such as GetTickCount () by checking if the machine is running on the Sandbox system by monitoring the uptime of the unit

In addition, the Memory String has been found to identify developer tools such as CockroachDB, Postman, BitBucket, and FastAPI. It is expected that malware may focus on stealing the API Key or the passwords within the database that these software runs or maintains.

Cracked Battlefield 6 Version Video Game File Battlefield 6 V4.8.8 DLCs - Bonuses -RUNE

This file contains the C2 Agent tool for creating malware persistence on the victim's machine to guarantee that the malware can always contact the C2 (Command and Control) server by impersonating the Disc Image for installing the game with downloadable content or DLC in the ISO file format.

The file itself is hidden in the 25 MB MZ Executable format. There is a compressed ZLIB Object. After running the file, it will lead to the following steps:

Like a ZLIB file out.

The system will write the 2GreenYellow.dat file to the user's directory.

After that, the malware will quietly run such files via regsvr32.exe / s / i "C: Users2GreenYellow.dat

Flag / i on the Path. Running in the first step leads to DllInstall's Export function that will lead to the unwinding of the DLL file as follows:

DllRegisterServer

DllInstall

DllUnRegisterServer

After that, the DLL will contact ei-in-f101 [.] 1e100 [.] net, which may be a C2 server or a Relay intermediary. The domain is under the service of Google.

If the contact is successful, the C2 server can run to install malware files on the victim's machine or secretly steal Exfiltration from the victim's machine.

# Recap 2025 # Take care of yourself # Open budget # Includes IT matters # Trending