<!--DEBUG:--><!--DEBUG:dc3-united-states-software-in-english-pdf-2--><!--DEBUG:--><!--DEBUG:dc3-united-states-software-in-english-pdf-2--><!--DEBUG-spv-->{"id":3460107,"date":"2026-02-06T23:43:21","date_gmt":"2026-02-06T21:43:21","guid":{"rendered":"http:\/\/nhub.news\/?p=3460107"},"modified":"2026-02-07T08:21:52","modified_gmt":"2026-02-07T06:21:52","slug":"malware-hidden-in-pirated-games-infects-400000-devices","status":"publish","type":"post","link":"http:\/\/nhub.news\/de\/2026\/02\/malware-hidden-in-pirated-games-infects-400000-devices\/","title":{"rendered":"Malware Hidden in Pirated Games Infects 400,000 Devices"},"content":{"rendered":"<p style=\"text-align: justify;\"><b>Security researchers uncover evidence that the Windows-based &#8218;RenEngine loader&#8216; malware has infected around 30,000 users in the US alone.<\/b><br \/>\nA new strain of Windows-based malware has been circulating through pirated PC games and may have infected over 400,000 devices. <br \/>Researchers at cybersecurity vendor Cyderes are warning about the threat, which has been hiding inside cracked games and modified game installers for franchises including Far Cry, Need for Speed, FIFA, and Assassin\u2019s Creed.<br \/>The malware has been dubbed \u201cRenEngine loader\u201d because some of the malicious code has been embedded inside a legitimate Ren\u2019Py launcher, an engine used to run visual novel games. \u201cWhile these cracked games appear functional, they silently deliver embedded malware alongside the playable content,\u201d the researchers wrote. <br \/>The malware has been around since at least last April and remains active. Cyderes also uncovered evidence that the threat has infected over 400,000 victims globally because the malware was updated to include telemetry tracking data back in October. \u201cThe telemetry URL is embedded in the malware and can be reached whenever the malicious RenEngine loader executes,\u201d the researchers added. <br \/>The telemetry tracker shows the malware is usually logging about 4,000 to 10,000 visitors per day, with the highest concentration of victims observed in India, the United States, and Brazil, the company\u2019s report adds. <br \/>Cyderes points to one site, \u201cdodi-repacks[.]site,\u201d for hosting the malware-laden game downloads. The domain has been previously flagged in other malware campaigns. <br \/>The attack also leverages the Ren\u2019Py launcher to archive the pirated game files. Executing the launcher decompresses the game files while secretly kicking off the malware\u2019s installation. Cyderes spotted the RenEngine loader ultimately trying to deliver a Windows-based information stealer called ARC to harvest sensitive data from victim PCs, including \u201csaved browser passwords, cookies, cryptocurrency wallets, and autofill information, along with system details and clipboard contents.\u201d<br \/>\u201cIn other similar scenarios, we observed different payloads such as Rhadamanthys stealer, Async RAT, and XWorm delivered via RenEngine Loader,\u201d which can also steal passwords or enable a hacker to remote hijack the PC, Cyderes warned. <br \/>Except for Avast, AVG, and Cynet, it appears that most antivirus engines currently don\u2019t recognize the initial stage of the malware as a threat, according to Google\u2019s malware-checking service VirusTotal. Affected users can consider using Windows&#8217;s System Restore or reinstalling the OS as a nuclear option if they suspect their PC contains malware.<\/p>\n<script>jQuery(function(){jQuery(\".vc_icon_element-icon\").css(\"top\", \"0px\");});<\/script><script>jQuery(function(){jQuery(\"#td_post_ranks\").css(\"height\", \"10px\");});<\/script><script>jQuery(function(){jQuery(\".td-post-content\").find(\"p\").find(\"img\").hide();});<\/script>","protected":false},"excerpt":{"rendered":"<p>Security researchers uncover evidence that the Windows-based &#8218;RenEngine loader&#8216; malware has infected around 30,000 users in the US alone. A new strain of Windows-based malware has been circulating through pirated PC games and may have infected over 400,000 devices. Researchers at cybersecurity vendor Cyderes are warning about the threat, which has been hiding inside cracked [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3460106,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[93],"tags":[],"_links":{"self":[{"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/posts\/3460107"}],"collection":[{"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/comments?post=3460107"}],"version-history":[{"count":1,"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/posts\/3460107\/revisions"}],"predecessor-version":[{"id":3460108,"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/posts\/3460107\/revisions\/3460108"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/media\/3460106"}],"wp:attachment":[{"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/media?parent=3460107"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/categories?post=3460107"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nhub.news\/de\/wp-json\/wp\/v2\/tags?post=3460107"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}