Gamehack

Category: pua_tool · Aliases: HackTool.GameHack, PUP.CheatEngine, RiskWare.GameHack · Sample count (EMBER 2018): 1,656 · Enrichment: documented_reference_only · Updated: 2026-07-02T09:01:15Z

Overview

Executive Summary

GameHack (often detected as HackTool.GameHack or PUP.GameHack) is a generic classification for software designed to illicitly modify video games. These tools, which include "trainers," memory editors (like Cheat Engine), and aimbots, are used by players to gain unfair advantages. While the tools themselves may not inherently be designed to steal corporate data, their presence in an enterprise environment represents a severe security risk due to their behavior and the extremely high likelihood of them being bundled with actual, destructive malware.

Infection Vector and Technical Capabilities

GameHacks are intentionally downloaded by users, typically from shady forums, peer-to-peer networks, or Discord servers. Because the tools are designed to modify other running programs, security software routinely blocks them. Consequently, users are frequently instructed by the download site to explicitly disable their antivirus or add an exclusion to run the "hack." From a technical perspective, GameHacks utilize techniques identical to advanced malware:

Threat Assessment

The presence of a GameHack on a corporate device is a critical security violation. Even if the specific tool is not actively malicious, the user's willingness to download untrusted executables, bypass AV controls, and grant kernel-level access represents an unacceptable risk posture that frequently leads to severe data breaches.

Incident Response and Remediation

Known aliases

Threat reports may refer to this family under multiple names:

MITRE ATT&CK Techniques

This family has been observed using the following ATT&CK techniques: T1055 T1014 T1068

Generated Detections (Boilerplate)

These YARA and Sigma rules are auto-generated based on the family name and aliases. They must be heavily tuned before deployment in a production environment.

YARA Rule

rule MALWARE_WIN_GAMEHACK {
    meta:
        description = "Detects Gamehack (pua_tool)"
        author = "SystemHelpdesk Boilerplate Generator"
        date = "2026-07-06"
    strings:
        $s1 = "gamehack" ascii wide nocase
        $s2 = "hacktool.gamehack" ascii wide nocase
        $s3 = "pup.cheatengine" ascii wide nocase
        $s4 = "riskware.gamehack" ascii wide nocase
    condition:
        uint16(0) == 0x5a4d and any of them
}

Sigma Rule

title: Suspicious Gamehack Activity
id: 99bfd72e5310c342be001578012f0643
status: experimental
description: Detects generic indicators of the gamehack malware family.
logsource:
    category: process_creation
    product: windows
detection:
    selection:
        Image|endswith:
            - '\cmd.exe'
            - '\powershell.exe'
        CommandLine|contains:
            - "*gamehack*"
            - "*hacktool.gamehack*"
            - "*pup.cheatengine*"
            - "*riskware.gamehack*"
    condition: selection
level: medium

References & External Analysis

Frequently Asked Questions

Where can I learn more about gamehack?

Refer to the linked MITRE ATT&CK technique pages, which document the behaviors associated with this family.

Related Families (Category: pua_tool)

Explore other malware families in the same category:

Need help with an active incident? Published by the SystemHelpdesk team.

Machine-readable

Get this profile as JSON: https://jordanricky1604-ship-it.github.io/malware-families-catalog/api/gamehack.json

Ecosystem & Interactive Environments

This profile is part of the Malware Families Catalog, a public dataset of 2,899 malware families. The catalog is also published across our ecosystem: Hugging Face, Kaggle, Replit, StackBlitz, CodeSandbox, and CodePen.