Leaked source code of GTA San Andreas allegedly contains ransomware

Cyber criminals have allegedly published the complete code of the video game "GTA San Andreas" on the internet. But be careful if you want to look inside: security researchers assume that the data is fake and only serves as a lure. The Rhysida blackmail Trojan is said to be hiding in the data package.

Fake leak

This is partly due to an X-Post by PliskinDev, which deals with the reverse engineering of the source code of GTA and other games developed by Rockstar Games. Using reverse engineering, developers try to crack the developers' black box to reconstruct the code. This can then serve as the basis for extensive modifications to a game.

PliskinDev's screenshots show that the archive contains files titled in the context of GTA, but this is supposed to be just hot air. They assume that the Rhysida ransomware is lurking in the archive. If the Trojan is executed, it encrypts data and extorts a ransom.

It is currently unclear whether this has already happened and to what extent the data is being distributed. Interested developers should give the archive a wide berth to avoid infecting their computer with malware.

Blackmail

The Rhysida group attacked the game developer Insomniac at the end of 2023 and leaked data from unreleased games. The source code for GTA V was also published during this period. This in turn can be traced back to a cyberattack in 2022 by the Lapsus$ group. It is currently unknown whether the current incident is connected to this attack.

(des)