loader gif

Steam game Abstractism yanked from store over accusations of cryptocurrency mining

Steam game Abstractism yanked from store over accusations of cryptocurrency mining
  • Valve has booted the game and its developer from Steam.
  • The incident comes shortly after Valve recently announced it would open up Steam to a wider selection of games and allow "everything onto the Steam Store."

Abstractism, a simple, "relaxing" 2D game, has been yanked from Steam following accusations of secret cryptocurrency mining. The decision came after multiple players reported the indie game was consuming a significantly higher amount of processing power and voiced concerns that the game may have been engaging in cryptojacking.

YouTuber SidAlpha investigated the issue and expressed his concerns in a video over the weekend that the game was installing a cryptocurrency miner due to the significant spikes in CPU and GPU usage.

Suspicious behavior

Many players posted negative reviews along with screenshots showing the game was being recognized by their security software as a Trojan. The game was spotted dropping a "SteamService.exe" file into the game's directory that triggered the antivirus software warning for allowing "remote execution of commands."

SidAlpha also noted that the Steam Marketplace was also being populated with items from Abstractism that closely resembled rare items from other games for inflated prices such as a "Strange Professional Killstreak Australium Rocket Launcher”. An identical-looking item, along with the same image and description, is used in the game Team Fortress 2.

Abstractism developer Okalo Union responded to the outcry saying the heavy usage was due to “post-processing effects rendering” required by the graphics. However, many quickly pointed out that the game's simplistic design could not possibly have advanced graphics.

"When you see the very basic game in action, it's hard to believe that it could have any legitimate need to stretch the abilities of a typical gaming PC," security researcher Graham Cluley wrote on the Bitdefender blog.

Okalo Union pushed back against allegations saying its "Abstractism Launcher" and new "Inventory Service" feature were not Bitcoin miners or Monero miners, adding that the two resource-intensive resources were necessary to connect to Steam and control its drop mechanism. The developer claimed that its Inventory Service feature would reward players with "drops" for rare in-game items if they stayed on the game longer.

"Drop time is dynamic and increases after each drop (you need 15 minutes to receive the first drop, 30 minutes for the second drop, 60 minutes for the third drop and so on)," the developer wrote in an update. "You receive more rare items if your playtime is long ('60 minutes' item drops are better than '15 minutes' drops)."

Encouraging players to keep the running for longer periods of time could be potentially leveraged to give them more time to mine cryptocurrency.

Abstractism booted from Steam

Valve removed Abstractism from Steam on Monday and the developer has since been banned. Other Okalo Union games and the developer's publisher Dead.Team have also been booted as well. According to Steamspy, around 6000 users had downloaded the game.

"We have removed Abstractism and banned its developer from Steam for shipping unauthorized code, trolling, and scamming customers with deceptive in-game items," Valve said in a statement.

The incident comes shortly after Valve recently announced it would open up Steam to a wider selection of games and allow "everything onto the Steam Store, except for things that we decide are illegal or straight up trolling." The decision immediately prompted concerns over untrusted games that could harm players' systems, open users up to scams or allow for malicious software to sneak through.

It also comes amid a significant rise in illicit cryptomining and cryptojacking schemes across various platforms, techniques and sources. In recent months, cybercriminals have been pivoting from public-facing ransomware to quiet illicit cryptomining malware to make a quick buck.

loader gif