Security researchers have uncovered four malicious game modes for the popular Dota 2 video game that an attacker used to gain access to players' systems. The attacker created the game modes and posted them on the Steam store, as discovered by Avast Threat Labs researchers. The game modes were named Overdog no annoying heroes, Custom Hero Brawl, and Overthrow RTZ Edition X10 XP, according to Avast malware researcher Jan Vojtěšek.

The malicious code included in the game modes was designed to test server-side Lua execution capabilities, and could be used for logging, executing arbitrary system commands, creating coroutines, and making HTTP GET requests. The code was difficult to detect, and enabled the attacker to remotely execute commands on the infected devices, potentially allowing them to install further malware. The backdoor also allowed the attacker to download a Chrome exploit for CVE-2021-38003, a high-severity security flaw in Google's V8 JavaScript and WebAssembly engine.

Avast reported their findings to Valve, the developer of Dota 2, who updated the vulnerable V8 version and took down the malicious game modes. According to Valve, fewer than 200 players were affected by the attack.

In January, a similar attack was used to exploit a Grand Theft Auto Online remote code execution vulnerability. The developer of the North GTA cheat included features to ban and corrupt players' accounts in a version released on January 20, 2023, but removed them in a new version the following day and apologized for the chaos caused by the cheat's users. Rockstar Games, the developer of GTA, released a security update to address the issue on February 2.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 08 Feb 2023 18:09:02 +0000