this post was submitted on 28 Nov 2024
54 points (80.0% liked)

Godot

6010 readers
45 users here now

Welcome to the programming.dev Godot community!

This is a place where you can discuss about anything relating to the Godot game engine. Feel free to ask questions, post tutorials, show off your godot game, etc.

Make sure to follow the Godot CoC while chatting

We have a matrix room that can be used for chatting with other members of the community here

Links

Other Communities

Rules

We have a four strike system in this community where you get warned the first time you break a rule, then given a week ban, then given a year ban, then a permanent ban. Certain actions may bypass this and go straight to permanent ban if severe enough and done with malicious intent

Wormhole

[email protected]

Credits

founded 2 years ago
MODERATORS
 

cross-posted from: https://lemmy.zip/post/27055106

​Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 4 weeks ago (4 children)

But this is bad news for game jams. Participants are not really trustworthy and those who do not build for HTML5 should not be evaluated.

[–] [email protected] 12 points 3 weeks ago* (last edited 3 weeks ago)

A web version is often a requirement (in my limitted jam experience).

[–] [email protected] 4 points 3 weeks ago

This has always been true. If you are downloading an exe off the internet, it can be malicious. I am amazed by the streamers and Youtubers that seem willing to run anything. When I gamejam, I only write games that work in the browser and I only test/rate games that do the same. Unless you have a quarantine machine purpose built for running unknown code, it is really the only option.

[–] [email protected] 3 points 3 weeks ago

I mean... Every game you download and run can do almost anything on your computer, no matter what it's written in. It's just code.

My first C2 agent I made for our malware to use in Red Teamings was a Unity Engine headless server.

[–] [email protected] 2 points 3 weeks ago (1 children)

Last time I checked you can spawn processes from any game engine, making this a moot point.

[–] [email protected] 4 points 3 weeks ago (1 children)

Thats true for anything that runs as a native app, but html builds will be sandboxed by the browser.

[–] [email protected] 2 points 3 weeks ago

True, but the comment I was responding about not trusting non-web builds. This could imply that it's only for non-web build Godot games while you could easily do this with any engine.