Intel Name: Blitz malware: a tale of game cheats and code repositories
Date of Scan: June 9, 2025
Impact: Medium
Summary: Blitz is a Windows-based malware first discovered in 2024 and actively developed into early 2025. It spreads via backdoored game cheats and operates in two stages: a downloader and a bot payload. The malware’s developer abused Hugging Face Spaces—a platform for hosting AI models—as part of Blitz’s command and control (C2) infrastructure. A Monero cryptocurrency miner was also deployed as a follow-up payload. The malware was promoted through social media, but by May 2025, the developer had announced their exit, suggesting the project may have been abandoned. Hugging Face has since locked the associated account and blocked the malware’s files.