Security News

A new malware sold on dark web forums is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, and EA Origin. This malware explicitly targets gaming platforms, like Steam, Epic Games, EA Origin, GOG Galaxy, and more, as it can harvest accounts for its operators, which later sell them in underground markets.

A security researcher helped Valve, the makers of the gaming platform Steam, plug an easy-to-exploit hole that allowed users to add unlimited funds to their digital wallet. Steam Wallet funds are exclusive to the Steam platform and are used to purchase in-game merchandise, subscriptions and Steam-related content.

Look out for SteamHide, an emerging loader malware that disguises itself inside profile images on the gaming platform Steam, which researchers think is being developed for a wide-scale campaign. The Steam platform merely serves as a vehicle which hosts the malicious file, according to research from G Data: "The heavy lifting in the shape of downloading, unpacking and executing a malicious payload fetched by the loader is handled by an external component, which accesses the malicious profile image on one Steam profile. This external payload can be distributed via crafted emails to compromised websites."

A group of security researchers known as the Secret Club took to Twitter to report a remote code execution bug in the Source 3D game engine developed by Valve and used for building games with tens of millions of unique players. Exceptions are games built with Source 2 or those that run a modified version of the Source engine, like Titanfall.

Check Point Research has identified four vulnerabilities in the network library of Steam, the online platform from game developer Valve that is used by 25 million users to connect together at peak time to buy, play, create, and discuss PC games. An attacker could have used the security flaws to remotely crash an opponent's game client and potentially take over a gamer's computer and hijack all computers connected to a third-party game server.

Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter Strike: Global Offensive, Dota2 and Half Life. Game developer Valve has fixed critical four bugs in its popular Steam online game platform.

Critical flaws in a core networking library powering Valve's online gaming functionality could have allowed malicious actors to remotely crash games and even take control over affected third-party game servers. "An attacker could remotely crash an opponent's game client to force a win or even perform a 'nuclear rage quit' and crash the Valve game server to end the game completely," Check Point Research's Eyal Itkin noted in an analysis published today.

A malware campaign that shares no known similarities to previous attacks has been uncovered, targeting organizations in the Middle East. Dubbed "WildPressure," the campaign used a previously unknown malware that researchers named Milum, after the C++ class names inside the code.

Phishing scammers have once again targeted users of the popular Steam gaming service, it was revealed this week.

From a backdoor placed in the Webmin utility to vulnerability disclosure drama around zero-days in Valve's Steam gaming clients, Threatpost breaks down this week's top stories.