Infected Steam game downloads malware disguised as patch

R6Rider

R6Rider

Gold Member
www.gdatasoftware.com

Infected Steam game downloads malware disguised as patch

A 2D platformer game called BlockBlasters has recently started showing signs of malicious activity after a patch release on August 30. While the user is playing the game, various bits of information are lifted from the PC the game is running on - including crypto wallet data. Hundreds of users...
www.gdatasoftware.com www.gdatasoftware.com

First saw this on Reddit.
Reddit Post

The game is called BlockBlasters.

SteamDB has a warning on the game page:
 
Average estimated owner count of 6.7k. Was this free? Peak concurrent of 8 means this wasn't exactly high on anyone's list, thankfully.

Valve scanning should be a standard thing, I'd say.

Edit: Valve do have some sort of screening, it seems:
These threat actors bypassed initial security screening from Valve which allowed the deployment of malicious patches and infected multiple users of the platform. Now we observed a similar case in another Steam-released game called BlockBlasters, further highlighting the ongoing risks to players.
Click to expand...
 
Last edited:
adamsapple said:
Get your shit together, Gabe.
Click to expand...

gabe-newell.gif
 
Soodanim said:
Link in the article takes you to this:
Click to expand...


Yeah, this was really sad to see having happened; it hurts seeing people get screwed over like this, especially those in situations like him. Hope the dude can get the money back somehow through new donations and more secure crypto wallet/bank. Whoever made the "game" should be located and legally charged, sentenced with some heavy prison time and have all their assets and (likely additional) stolen money seized. Complete shitheads.

But also yeah, Valve need to really crack down on this. It does suck for them that sleazy, fake puritanical payment processors are trying to force Steam into censorship (tho some of the "games" clearly about & simulating sex assault only for pleasure needed to get yeeted, IMHO), but Valve should hopefully be able to deal with those losers while also actively cracking down on devs disguising malware and crypto draining programs as games on the storefront.
 
R3TRO said:
Almost makes me want to stay away from small indie games.
Click to expand...
If you want to be safe, check and see if it's on mobile app stores first, then read the reviews.

--If not--

If you want to be safer, mainly buy indie games that were ported to console.

--If not--

If you want to be the safest, wait for more than 10 user reviews before buying anything.
 
Last edited:
March Climber said:
If you want to be safe, check and see if it's on mobile app stores first, then read the reviews.

--If not--

If you want to be safer, mainly buy indie games that were ported to console.

--If not--

If you want to be the safest, wait for more than 10 user reviews before buying anything.
Click to expand...
These scam games, including this one, have tons of fake positive user reviews.

These types of scams are impossible to differentiate from legit games on the surface, and unless you have access to the source code AND you know what to look for, something that end users of these scams aren't typically privy to, you'd be none the wiser.

The "safest" way to avoid malware like this is by not downloading trash you've never heard of. Search the game on youtube. If no one has played it, I would consider that a giant red flag.
 
March Climber said:
This sounds like a good option #4.

Have malware games like this made it to consoles?
Click to expand...
Surprisingly, no.
BUT, these types of scam games are after peoples crypto wallets, installing keyloggers, etc. Things that would have no bearing on consoles. However, a malware game that steals your Xbox/PlayStation account is entirely feasible, but might require some sort of phishing elements as well...but that would become immediately obvious and get pulled pretty quickly, whereas the "genius" in these types of scams is that it might take someone a lonnnng time before they ever noticed their crypto wallet was gone. I'm guessing a large chunk of those 907 people they scammed will only find out by being contacted by these guys.
 
ScHlAuChi said:
What a weak excuse, Valve could simply hire a large team of testers to check for that stuff.
But they dont want that!
Click to expand...
This is not realistic. No amount of testing will help you against a software that self update. Running the software in a virtual machine or sandbox would but the performances aren't there yet.
 
ScHlAuChi said:
What a weak excuse, Valve could simply hire a large team of testers to check for that stuff.
But they dont want that!
Click to expand...
It's not even that a couple of basic security policies for updates would have prevented this. The main one would be not to allow password protected archive files in updates which they could easily check for and block automatically as they would have no legitimate reason for being in a game update.

Steam is really shocking after the initial security check.
 
ScHlAuChi said:
Valve makes billions in profit and cant even check the damn games for malware?
Good job Gaben!
Click to expand...

It does. But most malware has a period of time, where it is unknown and can run freely, with Anti-virus not being able to detect it. Only after its signature has been identified, will most AVs be able to catch it.
There are programs that use behavior analysis to try to detect malware, but its not 100% effective.
And this is why its possible to configure an AV to block executables from running, if they don't meet an age requirement. Even Windows Defender can do this.
 
That fact no one over at Valve took a glance at the sketchy commands .bat file is a big oversight. Good news is that they found some identifiable data behind the theft. They caught onto this in time before it continued to spread.
 
winjer said:
It does. But most malware has a period of time, where it is unknown and can run freely, with Anti-virus not being able to detect it. Only after its signature has been identified, will most AVs be able to catch it.
There are programs that use behavior analysis to try to detect malware, but its not 100% effective.
And this is why its possible to configure an AV to block executables from running, if they don't meet an age requirement. Even Windows Defender can do this.
Click to expand...
While you are right, I´m pretty sure 100% of available AV software on the market would have detected the suspicious behavior of Block Blasters once it tries to access files it isnt supposed to access.
If Valve did a basic AV check on those games before letting them on the platform, then this wouldnt have happend!
 
Sophist said:
It's hard to check without the source code. Especially that most anti-cheats are no different than malwares.
Click to expand...
No this is bullshit, any standard Anti Virus software on the market would have detected this via heuristic virus detection once the software tries to access files it isnt supposed to.
 
ScHlAuChi said:
While you are right, I´m pretty sure 100% of available AV software on the market would have detected the suspicious behavior of Block Blasters once it tries to access files it isnt supposed to access.
If Valve did a basic AV check on those games before letting them on the platform, then this wouldnt have happend!
Click to expand...

If that was true, then the people playing the game would have been safe.
 
ScHlAuChi said:
While you are right, I´m pretty sure 100% of available AV software on the market would have detected the suspicious behavior of Block Blasters once it tries to access files it isnt supposed to access.
If Valve did a basic AV check on those games before letting them on the platform, then this wouldnt have happend!
Click to expand...
My guess is they used a Direct TV Black Sunday approach so neither the game or the update had detectable malicious code but them combined did and Valve was scanning each piece independently.
 
Anyone else just glad it wasn't a horrible nasty "adult" game? Thank you all governments and credit card issuers for protecting us and the kids.

Seriously though, while this is seemingly and hopefully an extremely rare case, I hope it doesn't snowball into some horseshit that affects genuine solo or indie dev teams. Hope anyone who had money stolen can get some sort of reimbursement or Valve can act in good faith and help out.
 
winjer said:
If that was true, then the people playing the game would have been safe.
Click to expand...
Do you know if they had any AV running?
But regardless if the endusers did or did not - it is clearly Valve´s responsibility to make sure stuff like this doesnt get released!
Valve makes so much money, why should they get away with this sort of thing if they actually had the power to change that?
Have we already become so complacent with tech companies that we are ok with this?
 
Last edited:
I don't remember where (and whether the info is legit or not), but pics and videos of one of the alleged scammers and his faux pas persona was posted on the internet yesterday. IIRC he calls himself an influencer and is awkwardly making videos with his gf, flaunting an expensive lifestyle with Ferraris and the whole shebang.


Edit: Ah, yes, it was a penguinz0 video

 
Last edited:
ScHlAuChi said:
No this is bullshit, any standard Anti Virus software on the market would have detected this via heuristic virus detection once the software tries to access files it isnt supposed to.
Click to expand...
This is naive for a few reasons:

- Even non malicious software have exploits; those are discovered everyday. It's easy for someone to purposely leave an exploit in a closed source software.

- The user here is willingly running the software and would probably answer/pick 'yes' if the game asks for admin privileges.

- Your anti-virus may warn you that the game is accessing a folder like "C:\Users\YourUserName\AppData\Roaming\",
you will tell the anti-virus it is okay because this is where the game store its save files.
Then the anti virus will warn you that the game is sending data over internet, again you say it is okay because the game is updating or downloading a map or ...
Then one day the game downloads a map with malicious code and the anti virus will say nothing because you already gave your approval.
It's easy to trick an unsuspecting user to give you access to everything. Android apps do that all the time.

- Anti virus software are known for giving more opportunities of exploit to attackers than less.

You want to be safe? Keep your critical stuff on a non-gaming machine like a raspberry py or something.
Or play your games on a virtual machine with PCI Passthrough but this is still too obscure for most gamers (requires a compatible CPU, Motherboard and two gpus)

The_hunter said:
IOS and mac sandbox everything.

Best advice is to only download software with a lot of downloads, or a reputable developer.
Click to expand...

Facebook circumvented the android sanbox or abused users naivety under Google nose for many years and google doesn't really care.
The results of searching "Facebook android" on hacker news are crazy: https://hn.algolia.com/?q=facebook+android
 
ScHlAuChi said:
Valve makes billions in profit and cant even check the damn games for malware?
Good job Gaben!
Click to expand...
People have pointed this out for years. This is why Steam gets patches faster. Because they literally don't do anything. Other stores have approval processes in place but that is apparently too much for devs to tolerate.

Just shows you that once again, devs are not on your side. The only thing they advocate for is zero protection for the consumer, and as little work and accountability as possible for themselves.

Valve doesn't check shit on their store. Doesn't make games. Doesn't employ hardly anyone. Your money is going into a black hole that pays for yachts. Steam is essentially extracting 30% of all PC sales out of the gaming industry and weakening it like a parasite. None of it is reinvested. They don't even publish games like EPIC does. EPIC is paying genDesign to make a new badass game, something Valve will never do.
 
Last edited:
Sophist said:
This is naive for a few reasons:
- Even non malicious software have exploits; those are discovered everyday. It's easy for someone to purposely leave an exploit in a closed source software.
Click to expand...
Yes, but this clearly wasnt the case here. It could have been detected if there was a process in place for this.
Sophist said:
- The user here is willingly running the software and would probably answer/pick 'yes' if the game asks for admin privileges.
Click to expand...
Yet again, if Valve had any reasonable process to check that sort of stuff, it could be a red flag.
I would bet the majority of endusers wouldnt even know what that actually means - they just want to play the game.
Sophist said:
- Your anti-virus may warn you that the game is accessing a folder like "C:\Users\YourUserName\AppData\Roaming\",
you will tell the anti-virus it is okay because this is where the game store its save files.
Then the anti virus will warn you that the game is sending data over internet, again you say it is okay because the game is updating or downloading a map or ...
Then one day the game downloads a map with malicious code and the anti virus will say nothing because you already gave your approval.
It's easy to trick an unsuspecting user to give you access to everything. Android apps do that all the time.
Click to expand...
Sure, but you are telling me that this stuff isnt something Valve could detect before they let a game on Steam?
If no, why not? Becasue they dont want to spend the money or hire the people to do this?
Sophist said:
- Anti virus software are known for giving more opportunities of exploit to attackers than less.
Click to expand...
Ok that is a bold claim, please link to data that proves that! I mean sure, if one uses Norton or McAfee then yeah ;)
Sophist said:
You want to be safe? Keep your critical stuff on a non-gaming machine like a raspberry py or something.
Or play your games on a virtual machine with PCI Passthrough but this is still too obscure for most gamers (requires a compatible CPU, Motherboard and two gpus)
Click to expand...
Or better not use Windows at all!
Valve´s SteamOS is basically a solution to this problem for PC gaming.
Sophist said:
Facebook circumvented the android sanbox or abused users naivety under Google nose for many years and google doesn't really care.
The results of searching "Facebook android" on hacker news are crazy: https://hn.algolia.com/?q=facebook+android
Click to expand...
This is pretty much the same problem, Google doesnt care unless it will cost them alot of money.
Valve wont care unless it will blow up in their face and cost them alot of money too.
That´s why laws like GDPR, DMA and DSA are needed.
 
Last edited:
Punished Miku said:
People have pointed this out for years. This is why Steam gets patches faster. Because they literally don't do anything. Other stores have approval processes in place but that is apparently too much for devs to tolerate.
Just shows you that once again, devs are not on your side.
Click to expand...
As a dev myself I cant agree with that.
No legit dev would have a problem to go through such processes - after all there is TRC´s on consoles too that have to be followed if one wants to release on there.
But Steam is the largest platform on PC, you simply cannot ignore it, and without any processes demanded by Valve its basically the wild west.

Punished Miku said:
Valve doesn't check shit on their store. Doesn't make games. Doesn't employ hardly anyone. Your money is going into a black hole that pays for yachts.
Click to expand...
Of course they dont, they take 30% of our profit and no dev is happy about that:
www.gamesindustry.biz

Just 6% of devs say Steam earns its 30% cut - Survey

For years, Valve has thrived by taking a 30% cut of all revenues developers bring in through Steam, but the company is …
www.gamesindustry.biz www.gamesindustry.biz
They could do ALOT more, but they simply refuse to!
 
You must log in or register to reply here.

Similar threads

PirateFi game removed from Steam for pushing malware
6
1K
Barakov replied
Infected Mushroom Pinball
9
261
Gameplay Gods Bless replied
Echo patch for Afear
1
98
Shockwave_Fox replied
The biggest weakness with Steam & Steam Deck... downloads
2
77
5K
proandrad replied
Steam Soundtracks - Play the game, play the music
15
151
John Bilbo replied
Top Bottom