Steam removes horror game after malware steals player data

Submitted ⁨⁨6⁩ ⁨days⁩ ago⁩ by ⁨sundray@lemmus.org⁩ to ⁨games@lemmy.world⁩

https://www.bitdefender.com/en-us/blog/hotforsecurity/steam-horror-game-malware

Key takeaways

Valve removed Beyond The Dark after malware allegations surfaced.

The malicious payload allegedly stole passwords, browser data, and crypto wallet information.

Attackers reportedly hijacked an existing Steam game instead of publishing a new one.

The malware hid inside a modified UnityPlayer.dll file.

Anyone who installed the game should run antivirus scans and change passwords immediately.

source

Comments

Sort:hotnew top

Corngood@lemmy.ml ⁨6⁩ ⁨days⁩ ago
I’d rather not use flatpack, but I really should figure out better sandboxing. Not just for games, but for supply chain attacks, etc.

It’s kind of nuts that a game has access to my browser profile and all sorts of other stuff in ~.

source
- DampCanary@lemmy.world ⁨6⁩ ⁨days⁩ ago
  I know firejail nicely packs my Firefox & co. to only have access to select few /home/<uname> sub-dirs
  
  source
- magikmw@piefed.social ⁨6⁩ ⁨days⁩ ago
  Selinux should help with this, but by default all ’non-server’ apps can just access anything across the user’s home. Maybe I should look into this. Hmmmm.
  
  source
  - tomalley8342@lemmy.world ⁨6⁩ ⁨days⁩ ago
    
    Maybe they are isolated already? I really should look into this.
    
    No, the Z drive in wine maps to your linux file system.
    
    source
Hairyfishnuts@feddit.online ⁨6⁩ ⁨days⁩ ago
So basically I need to remove Steam altogether. Gotcha.

source
- EnderofGames@sh.itjust.works ⁨6⁩ ⁨days⁩ ago
  Go ahead and remove your internet browser, too, since they can also hijack that.
  
  source
  - Oka@sopuli.xyz ⁨6⁩ ⁨days⁩ ago
    Might as well delete your System32 folder as well, they’ll go for that next.
    
    source
- tidderuuf@lemmy.world ⁨6⁩ ⁨days⁩ ago
  Probably easier to just not download and install every game in your library, which I’m guessing is like 5.
  
  source
Katana314@lemmy.world ⁨6⁩ ⁨days⁩ ago
Long ago when Linux was a complete underdog (0.001% of users or something) it was touted as being vastly more secure than Windows, and that was probably true. But, convenience always battles with security in adverse ways, and Steam does aim to be very convenient.

I remember for a time any Xbox-app game would prop up a UAC permissions dialog each time you’d newly installed a game. Those apps are also un-moddable due to package signing. It was very annoying, but part of me thought “…Theoretically, Steam should be doing at least something like this.”

source
Rai@lemmy.dbzer0.com ⁨6⁩ ⁨days⁩ ago
The “FAQ” on this article feels like they just took an LLM sum marry and added it to the bottom hahaha

source
- SaltySalamander@fedia.io ⁨5⁩ ⁨days⁩ ago
  
  sum marry
  
  🙄
  
  source
  - Rai@lemmy.dbzer0.com ⁨5⁩ ⁨days⁩ ago
    You entered seen a mobile phone autocorrect mistake before, I take it?
    
    source
    -> View More Comments