RenEngine loader, spreading through illegal copies of games, infected 400,000 computers

Cyber Threats: RenEngine Loader Virus Hits Over 400,000 PCs

Cybersecurity experts have identified a new malicious software package – the RenEngine loader, which is estimated to have infected more than four hundred thousand Windows computers worldwide. The virus spreads alongside pirated copies of popular PC games.

How It Was Detected and How It Spreads
- Researchers at Cyderes discovered the threat in illegal distributions of series such as *Far Cry*, *Need for Speed*, *FIFA*, and *Assassin’s Creed*.
- The malware embeds itself into a legitimate Ren’Py game installer, from which it got the name *RenEngine loader*.
- It has existed at least since April last year and remains active. In October it received a major update: a telemetry module was added that contacts a fixed address on every launch.

Scale of Infection
- According to researchers, more than 400,000 machines have already been affected.
- Every day the malware registers between 4,000 and 10,000 new victims.
- The highest concentrations are in India, the United States, Brazil, and Russia.
- Infected games are downloaded from a single site that had previously been used in other cyber campaigns.

What RenEngine Loader Does
1. Installs the ARC data‑stealer: it collects saved browser passwords, cookies, cryptocurrency wallet data, autofill information, system details, and clipboard contents.
2. Through its loader additional payloads are deployed: Rhadamanthys, Async RAT, and Xworm – all designed for data theft and remote PC control.

Protection and Antivirus Response
- In the early stages of the attack only Avast, AVG, and Cynet recognize RenEngine loader.
- In other cases, if infection is suspected, it is recommended to use Windows recovery tools or perform a full system reinstall.

Conclusion: The RenEngine loader virus continues to actively infect computers worldwide via pirated games, gathering personal data and providing attackers with remote access. Users should keep their antivirus software up to date and avoid downloading games from dubious sources.