The file contained the XMRigconfiguration related to the campaign, which was visited 206,913 times.
Approximately 200 repositories and more than 225 Stargazer Ghost accounts were used to distribute GodLoader throughout September and October.
In addition to these static files, .pck files can include scripts written in GDScript (.gd).
This feature gives attackers many possibilities, from downloading additional malware to executing remote payloadsall while remaining undetected.
The Godot Engine is a programming system with a scripting language.
It is akin to, for instance, the Python and Ruby runtimes.
It is possible to write malicious programs in any programming language.
We do not believe that Godot is particularly more or less suited to do so than other such programs.
Users who merely have a Godot game or editor installed on their system are not specifically at risk.
We encourage people to only execute software from trusted sources.
For some more technical details:
Godot does not register a file handler for .pck files.
This means that a malicious actor always has to ship the Godot runtime together with a .pck file.
There is no way for a malicious actor to create a one click exploit, barring other OS-level vulnerabilities.
source: www.techworm.net
