
Potential Compromise of Blizzard's Battle.net Installer with Amadey Malware
Recent reports indicate that the Battle.net installer, distributed by Blizzard Entertainment, may be compromised with the Amadey malware. Multiple antivirus engines on VirusTotal flagged the installer as potentially malicious, with detections including the Amadey botnet malware. Filescan.io also reported the installer as malicious with high confidence, citing a match on a malicious YARA rule and the presence of Amadey bytecode. Amadey is known for its botnet capabilities, including information theft and delivery of additional payloads. The installer exhibits suspicious behaviors such as debugger detection and evasion loops, suggesting an attempt to avoid analysis and detection.

Furthermore, the National Institute of Standards and Technology (NIST) has issued two vulnerability notices concerning Battle.net, indicating potential exploitation vectors; however, the source material does not provide specific details about these vulnerabilities. At this time, there is no official response from Blizzard regarding these findings.

The presence of multiple indicators of compromise (IoCs) suggests a strong likelihood that the Battle.net installer may be distributing malware. However, without further forensic analysis or confirmation from Blizzard, definitive conclusions cannot be drawn.

For cybersecurity professionals, this incident underscores the critical importance of supply chain security. Organizations should: investigate systems where the Battle.net installer has been executed for signs of Amadey infection; monitor network traffic for botnet communication patterns associated with Amadey; consider temporarily blocking installation of Battle.net until Blizzard provides an official statement or a verified clean version; update endpoint protection solutions to detect and block the identified threats; and educate users about the risks, advising caution when installing software, even from trusted vendors.
This situation serves as a reminder that even well-established companies can become vectors for malware distribution. Continuous monitoring and verification of software integrity are essential practices in maintaining robust cybersecurity defenses.
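The integrity verification recommended above can be made routine with a small pinned-hash check run before any installer is executed. The following Python script is an added example written for this article; it is not Blizzard tooling, and the `PINNED_HASHES` manifest, file names and sample installer bytes are constructed placeholders. The expected hash is meant to come from the vendor over a channel separate from the download itself (for example the vendor's download page or release notes); a placeholder or malformed value is deliberately treated as a failed check rather than a pass.

```python
"""Pinned-hash integrity check for downloaded installers (added example)."""
import hashlib
import hmac
import os
import tempfile

# Constructed placeholder manifest. Real entries hold the vendor-published
# SHA-256 for each installer build, obtained independently of the download.
PINNED_HASHES = {
    "Battle.net-Setup.exe": "<REPLACE WITH VENDOR-PUBLISHED SHA-256>",
}

HEX_DIGITS = set("0123456789abcdef")


def sha256_file(path, chunk_size=1 << 20):
    """Hash the file in 1 MiB chunks so large installers are not read into RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def is_valid_sha256_hex(value):
    """A pinned value must be exactly 64 hex characters; anything else is
    a placeholder or a typo and must not be allowed to 'match'."""
    return len(value) == 64 and set(value) <= HEX_DIGITS


def verify_installer(path, expected_sha256):
    """Return (ok, observed_hex). ok is True only when the observed SHA-256
    equals a well-formed expected value; comparison is constant-time."""
    observed = sha256_file(path)
    expected = expected_sha256.strip().lower()
    if not is_valid_sha256_hex(expected):
        return False, observed
    return hmac.compare_digest(observed, expected), observed


def check_manifest(directory, manifest):
    """Check every manifest entry present in `directory`. Verdicts are
    'verified', 'MISMATCH' (block and investigate) or 'missing'."""
    results = {}
    for name, expected in manifest.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = ("missing", None)
            continue
        ok, observed = verify_installer(path, expected)
        results[name] = ("verified" if ok else "MISMATCH", observed)
    return results


def demo():
    """Stand-alone run over a constructed sample file in a temp directory."""
    sample = b"constructed sample installer bytes, not a real binary"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Battle.net-Setup.exe")
        with open(path, "wb") as handle:
            handle.write(sample)
        good = hashlib.sha256(sample).hexdigest()
        manifest = {"Battle.net-Setup.exe": good.upper(),  # case is normalised
                    "Other-Setup.exe": "0" * 64}           # not on disk
        for name, (verdict, observed) in check_manifest(tmp, manifest).items():
            print(f"{name}: {verdict} {observed or ''}")
        # The placeholder manifest from the top of the file must never pass.
        print("placeholder passes:", verify_installer(path, PINNED_HASHES[
            "Battle.net-Setup.exe"])[0])


if __name__ == "__main__":
    demo()
```

Run the script as-is to see the verdicts for the constructed sample; in production, point `check_manifest` at the download directory and populate the manifest from the vendor's published values. On Windows hosts, pair this with the built-in `Get-AuthenticodeSignature` cmdlet so that both the publisher signature and the pinned hash must be valid before the installer is allowed to run.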