Key takeaways

  • Valve removed Beyond The Dark after malware allegations surfaced.
  • The malicious payload allegedly stole passwords, browser data, and crypto wallet information.
  • Attackers reportedly hijacked an existing Steam game instead of publishing a new one.
  • The malware hid inside a modified UnityPlayer.dll file.
  • Anyone who installed the game should run antivirus scans and change passwords immediately.

  • Corngood@lemmy.ml · ↑ 22 · 20 hours ago

    I’d rather not use Flatpak, but I really should figure out better sandboxing. Not just for games, but for supply chain attacks, etc.

    It’s kind of nuts that a game has access to my browser profile and all sorts of other stuff in ~.

    • DampCanary@lemmy.world · ↑ 1 · 11 hours ago

      I know firejail nicely packs my Firefox & co. to only have access to a select few /home/<uname> sub-dirs.

    • magikmw@piefed.social · ↑ 1 · edited 14 hours ago

      SELinux should help with this, but by default all ‘non-server’ apps can just access anything across the user’s home. Maybe I should look into this. Hmmmm.

      Edit: then again, Steam games usually run via Wine, using a simulated Windows filesystem… Maybe they are isolated already? I really should look into this.

      • tomalley8342@lemmy.world · ↑ 10 · 14 hours ago

        > Maybe they are isolated already? I really should look into this.

        No, the Z drive in Wine maps to your Linux file system.
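
The Z: mapping discussed in the thread can be checked directly, because a Wine prefix keeps one symlink per drive letter in its `dosdevices` directory. The script below is an added example, not code from the thread or from Wine: it resolves each drive symlink and flags any whose target contains the home directory. The function names and the sample prefix layout are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): audit which drive letters of a
# Wine/Proton prefix map to a path that contains the user's home directory.

# exposes_home TARGET HOME_DIR: succeeds if HOME_DIR is TARGET or lies below it.
exposes_home() {
    local target="${1%/}" home="${2%/}"
    [ -z "$target" ] && return 0        # target was "/", which contains everything
    case "$home/" in
        "$target"/*) return 0 ;;
    esac
    return 1
}

# audit_prefix PREFIX HOME_DIR: prints "<drive> <resolved target> EXPOSED|ok".
audit_prefix() {
    local prefix="$1" home link target
    home=$(readlink -f -- "$2")
    for link in "$prefix"/dosdevices/?:; do
        [ -L "$link" ] || continue      # skips an unmatched glob as well
        target=$(readlink -f -- "$link") || continue
        if exposes_home "$target" "$home"; then
            printf '%s %s EXPOSED\n' "${link##*/}" "$target"
        else
            printf '%s %s ok\n' "${link##*/}" "$target"
        fi
    done
}

# make_sample_prefix ROOT: constructed layout mimicking a default Wine prefix
# (c: -> ../drive_c, z: -> /) under ROOT/home/user/.wine. Sample data only.
make_sample_prefix() {
    local p="$1/home/user/.wine"
    mkdir -p "$p/drive_c" "$p/dosdevices"
    ln -s ../drive_c "$p/dosdevices/c:"
    ln -s / "$p/dosdevices/z:"
}

# Stand-alone demo on the constructed prefix; point audit_prefix at a real
# prefix (for example "$HOME/.wine") and "$HOME" to check your own setup.
demo() {
    local root
    root=$(mktemp -d)
    make_sample_prefix "$root"
    audit_prefix "$root/home/user/.wine" "$root/home/user"
    rm -rf "$root"
}
demo
```

An `EXPOSED` line means a Windows program running in that prefix can reach the home directory through that drive letter, unless an outer sandbox restricts the filesystem.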