Hackers have a new modus operandi in hijacking PCs, and CS:GO players and players of other similar games are at high risk of being victims.
With Valve neglecting a Counter-Strike: Global Offensive vulnerability for over two years now, hackers have found a way to hijack players’ PCs by exploiting the existing flaw. Hence, if you play CS:GO and other Steam games, you will need to be cautious of Steam invitations.
Valve’s ‘Source’ Game Engine
Source is Valve’s 3D game engine, and it’s what powers Counter-Strike and other games. Unfortunately, it has an exploitable vulnerability that Valve has neglected to patch, and is now what hackers use to inject malware through its gaming platform.
This fact itself is very concerning, and what makes it worse is knowing that Valve is apparently already aware of this, but has left the flaw alone for more than two years. This irresponsibility has left millions of users at risk of getting hijacked.
Source engine powers the following games:
- Counter-Strike: Global Offensive
- Team Fortress 2
- Left 4 Dead
- Dota 2
- Many more
Discovery of the Bug
Two years ago, Secret Club, a team of security researchers discovered a bug in Source engine. Accordingly, club member Florian informed Valve of the existing vulnerability, for which they paid him with the promise of fixing the Source code.
Unfortunately, the issue is still present even after CS:GO’s latest patch [126.96.36.199 (version 1256)]. Moreover, players don’t have much of a choice in looking for protection against this vulnerability, as there isn’t one besides completely avoiding Source engine games.
How the Attack Occurs on CS:GO
According to Tom’s Guide, the potential attack follows the sequence as listed:
- A player logs into Steam and plays Counter-Strike: Global Offensive (or other Source-powered games).
- A hacker sends a Steam invitation with malicious code to that user.
- The code exploits the existing vulnerability in Source engine that allows the hacker to add another code into the victim’s PC.
- The hacker now has control of the PC for malicious attacks like installing malware, installing a keylogger, and others.
The Good News
Fortunately, Florian ensured to discuss the details of the flaw vaguely. As of the moment, exploitation of the vulnerability has yet to occur, most likely due to the fact that the process could be too complex for cybercriminals to attempt.
Moreover, although Valve never prohibited Florian from giving full details, Secret Club prefers to be cautious. Hence, the only thing keeping CS:GO players safe from attacks is the complicated nature of the vulnerability that Florian decided to redact.
Indeed, gaming is one of the most fun ways to spend your free time. Not only is it enjoyable, but it is also profitable with the right goals in mind. However, with the growth in the gaming population came the rise of malicious cyber attackers.