Dota 2 Under Attack: Threat Actors Exploit a Chrome Flaw to Infect Gamers

Beware gamers! There’s a new attack targeting the Dota 2 multiplayer online battle arena (MOBA) video game. Threat actors are leveraging the popularity of the game to backdoor the players’ systems.

About the attack

Avast Threat Labs researchers found that the attackers had created four malicious Dota 2 game mods and published them on the Steam store to lure gamers.
  • It is said that around 200 players were affected by the attack.
  • The malicious game modes were named Overdog no annoying heroes (id 2776998052), Custom Hero Brawl (id 2780728794), and Overthrow RTZ Edition X10 XP (id 2780559339).

Modus operandi

The backdoor bundled within the malicious game modes potentially allowed the installation of further malware on the victim’s device.
  • The attackers also included a new file named evil.lua, which was used to test server-side Lua execution and logging capabilities.
  • It enabled arbitrary command execution by making HTTP GET requests to fetch the payload.
  • The other method of infection involved the exploitation of a known vulnerability in Google’s V8 JavaScript and WebAssembly engine (CVE-2021-38003).

What does this indicate?

While this is one of the attacks targeted at gamers, there has been a significant increase in the number of attacks over the years.
  • Akamai researchers reported that there was a 167% surge in web application attacks in the gaming industry, affecting millions of gamers globally.
  • The highest number of attacks was observed in the U.S., followed by nations in Europe and Asia. 
  • Additionally, microtransactions and gaming companies shifting operations to the cloud created new threat surfaces for hackers.

Mitigation

The security researchers reported the findings to Dota 2’s developer Valve. The vulnerable V8 JavaScript version was updated. Additionally, the developer removed the malicious game mods and alerted all players impacted by the attack.
Cyware Publisher
