Security News > 2023 > February > Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players' Systems

An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena video game that could have been exploited to establish backdoor access to players' systems.

Following responsible disclosure to Valve, the game publisher shipped fixes on January 12, 2023, by upgrading the version of V8. Game modes are essentially custom capabilities that can either augment an existing title or offer completely new gameplay in a manner that deviates from the standard rules.

While publishing a custom game mode to the Steam store includes a vetting process from Valve, the malicious game modes discovered by the antivirus vendor managed to slip through the cracks.

These game modes, which have since been taken down, are "Test addon plz ignore," "Overdog no annoying heroes," "Custom Hero Brawl," and "Overthrow RTZ Edition X10 XP." The threat actor is also said to have published a fifth game mode named Brawl in Petah Tiqwa that did not pack any rogue code.

In a hypothetical attack scenario, a player launching one of the above game modes could be targeted by the threat actor to achieve remote access to the infected host and deploy additional malware for further exploitation.

It's not immediately known what the developer's end goals were behind creating the game modes, but they are unlikely to be for benign research purposes, Avast noted.

News URL

https://thehackernews.com/2023/02/hackers-create-malicious-dota-2-game.html