Security News Valve Patches Security Flaw That Allows Installation of Malware via Steam Games

LASER_oneXM

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A vulnerability in Valve's Source SDK, a library used by game vendors to support custom mods and other features, allows a malicious actor to execute code on a user's computer, and optionally install malware, such as ransomware, cryptocurrency miners, banking trojans, and others.
The issue came to light today when security researcher Justin Taft of One Up Security published a report detailing his findings.
The vulnerability is a simple buffer overflow in the Source SDK. The buffer overflow can be exploited by an attacker to append a piece of malicious code and execute it on a targeted machine.
Click to expand...

Flaw exploited via custom maps and mods
Games based on the Source engine use the Source SDK as a way to let third-party companies or independent developers to create custom mods for their games. In addition, Source engine map files also allow developers to pack custom content to be loaded with a custom map.

Taft says that an attacker could use mod or map files to load the exploit code for the vulnerability he discovered.

For example, a malware dev could create a malicious rag model, which is a file that defines how players' characters move when they die. Taft says that a malware dev can load exploit code in the rag model file that they pack inside malicious map files and game mods.

When users connect to servers, in most cases, their games automatically download and load these resources. All it takes is for one player to get shot and die for the malicious code to execute, loading malicious instructions.
Click to expand...

Vulnerability could be exploited to target enterprises
Even if the vulnerability affects games, this issue poses some security threats to companies, not only casual gamers.

"As video games are common inside employee break rooms and homes of employees, exploitation of a vulnerability could be used in a targeted attack to jump the air gap to a private network," Taft explains. "As a mitigation, games should not be installed on work devices. Gaming machines should be moved to an untrusted network, and business devicess should not connect to the untrusted network."
Click to expand...
 
  • Like
Reactions: Vasudev, SHvFl and frogboy
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • Thanks
Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
Replies
1
Views
1,515
News Archive
nicolaasjan
nicolaasjan
CyberPanther
    • Like
Security News VULNERABILITIES Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks
Replies
0
Views
723
Security News
CyberPanther
CyberPanther
Bot
Security News Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool
Replies
0
Views
455
Security News
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top