New Blitz Malware Targets Windows Servers to Deploy Monero Miner
gbhackers
A new Windows-based malware named Blitz was identified in 2024, with an updated version detected in early 2025.
This malware, actively developed and distributed through deceptive game cheats, poses a significant threat by deploying a Monero cryptocurrency miner alongside information-stealing and denial-of-service (DoS) capabilities.
Detailed analysis by Palo Alto Networks’ Unit 42 reveals that Blitz operates in two stages, a downloader and a bot payload, and leverages unconventional platforms like Hugging Face Spaces for its command and control (C2) infrastructure.

This strategic abuse of legitimate AI code repositories highlights the evolving tactics of cybercriminals aiming to evade detection while targeting unsuspecting users, particularly in the gaming community.
Technical Intricacies
Blitz malware primarily spreads through backdoored game cheats for the popular mobile game Standoff 2, which had over 100 million downloads by April 2025.
These malicious packages, named Elysium_CrackBy@sw1zzx_dev.zip ...