ISLAMABAD: Kaspersky Threat Research has detailed a malware campaign known as RenEngine that distributes infostealers through pirated games and unlicensed software, affecting users across multiple regions.
The cybersecurity company said it identified RenEngine activity in early 2025. While initial reports linked the threat primarily to cracked video games, further analysis revealed its use in distributing infected versions of popular productivity software.
Researchers said the attackers embedded malicious code into modified installers. When executed, the files display a legitimate-looking loading screen while background scripts activate and deploy additional malware components.
The campaign has delivered different types of infostealers over time, including Lumma, ACR Stealer and Vidar. These tools are designed to harvest credentials, financial data and system information from infected devices.
Kaspersky said the infection chain often uses HijackLoader to deliver secondary payloads. The company’s security systems detect the threat under multiple Trojan classifications.
The firm advised users to avoid unofficial download sources and to use reliable security software to mitigate risks. It also recommended maintaining updated operating systems and applications to close potential vulnerabilities.
