Valve Bolsters Security After Hackers Infected Steam Games With Malware
Threat actors and malicious hackers have been targeting gamers with malware for quite some time, as they can be easy targets who download and run strange things from the internet all the time. Such was the case with a trojanized Super Mario game earlier this year that could have stolen information, run ransomware, or other nefarious actions. Now, rather than go through sketchy loaders and indie-published games, hackers are going straight to the source by popping Steam developer accounts and updating games with malware.
Earlier in the week, X user Simon Carless of GameDiscoverCo noticed that Steam developers would now be required to confirm game updates or the addition of users via text message. This was announced in a Steamworks post explaining that “if you want to update a build to the default branch, Steam will text you a confirmation code,” at which point “you will need to enter this code in order to set the default branch.” If a developer does not have a phone, Valve explains that they will need to get one or some way to get text messages to make changes to their game.
This is ultimately a great change, but it is a shame that it is borne out of necessity, as it appears that a hacker had managed to compromise a game developer earlier this summer. In reply to Carless, game dev Benoît Freslon reported that all their accounts were compromised by theft of access tokens and that they “just used my dev account to release the game a few hours before the hack.” Subsequently, the hacker uploaded malware to Steam through the game, likely NanoWar: Cells VS Virus, which was then pushed to people who have since been notified of the breach.
At the end of the day, attackers will always find new and innovative ways of compromising people and pushing malware into the world. As such, it is recommended that everyone practices good cybersecurity hygiene, with strong passwords, two-factor authentication, and updated anti-malware software installed. As it turns out, even simple leisure activities like gaming could be leveraged against you, and you might not even know it.
