Russia Ranks 4th Among Countries Infected with RenEngine Loader Computer Virus

Cyderes cybersecurity specialists have reported a large-scale malicious campaign that may have affected over 400,000 computers worldwide. The RenEngine loader virus was spread through pirated versions of popular games such as Far Cry, Need for Speed, FIFA, and Assassin's Creed. All users who downloaded games from torrents since at least April 2025 are at risk.

Attackers are constantly improving the virus. In October, it was updated with a tracking function and communication with a control server. By observing it, experts saw the scale of the infection: the virus attacks 4 to 10 thousand new computers daily. The most affected are in India, the USA, Brazil, and Russia.

The main task of the Trojan is to install more dangerous malware. After penetrating the system, it downloads the ARC program, created to steal confidential data: saved passwords, information from crypto wallets, cookies, clipboard history, and system information. Other threats, such as Rhadamanthys, Async RAT, and Xworm, were previously distributed through the same channel.

Currently, only some antiviruses, including Avast, AVG, and Cynet, detect RenEngine loader. Experts warn that if there is the slightest suspicion of infection, the most reliable way is to roll back the system using Windows recovery tools or completely reinstall it.

Read more on the topic:

• The Ministry of Internal Affairs warned about the spread of viruses for hacking banking applications
• Viruses from fraudulent "telecom operators" attack the phones of Russians
• Sends viruses to all contacts: Russians warned about the ClayRat spyware program