JAKARTA – Kaspersky Threat Research Team has released their technical analysis of RenEngine, a malware loader that recently caught the public’s attention.
Kaspersky has identified the RenEngine sample since March 2025. In addition to games, researchers found that attackers created dozens of websites that distributed RenEngine through pirated software, including graphic editors such as CorelDRAW.
The attackers even created dozens of fake websites to spread this malware, so that it not only targets gamers, but also general users who are looking for free software without a license.
Kaspersky has recorded incidents in Russia, Brazil, Turkey, Spain, and Germany, among other countries. The distribution pattern shows the opportunistic nature of the attack rather than a targeted operation.
The campaign works by injecting malware into the installation file. When the user runs the installer, a fake loading screen appears, while the malicious script runs in the background.
This malware is able to evade detection, open hidden payloads, and initiate a staged attack using tools such as HijackLoader.
In some cases, the malware distributed included Lumma Stealer, ACR Stealer, and Vidar Stealer, which function to steal user sensitive data.
To stay protected, Kaspersky recommends:
Download games and software only from official sources. Pirated content remains one of the most common methods of malware distribution. Use a reliable security solution to identify malicious activity even when malware masquerades as legitimate software. Update your operating system and applications to ensure known vulnerabilities have been patched. Beware of “free” offers. If a paid game or software is available for free download on an unofficial site, it’s likely your security will be sacrificed.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language.
(system supported by DigitalSiber.id)
