Gaming fans are being warned about a new cybersecurity issue involving the online video game Dota 2 after hackers were spotted leveraging it as a backdoor to hunt for victims.
With millions of daily players globally, Dota 2 is a highly popular multiplayer battle arena providing gamers with a virtual space to showcase competitiveness, strategy, and action. However, hackers have taken advantage of the game's popularity to lure players into installing malware on their devices.
Hackers created four malicious Dota 2 game modes and published them on a video game digital distribution service.
Game modes are intended to add customisation to the gameplay experience, such as wearable in-game items, announcer packs, and chat emoticons, among others, which makes video game fans eager to download them to their devices.
Reports reveal that the four malicious custom game modes were built solely to make gamers install malware on their computers. They include a test exploit (id 1556548695), Overdog no annoying heroes (id 2776998052), Custom Hero Brawl (id 2780728794), and Overthrow RTZ Edition X10 XP (id 2780559339).
The malicious modes for the popular battle arena game led to gamers installing malware on their computers, with researchers confirming that they affected about 200 players.
In this case, the hackers took advantage of game modes' use of the Lua programming language, creating a file named evil[.]lua for server-side test execution and logging features. Their use of Lua also enabled arbitrary command execution through HTTP GET requests that fetched a malicious payload.
Moreover, the hackers abused another vulnerability, tracked as CVE-2021-38003, which is a flaw in Google's V8 JavaScript and WebAssembly engine. This flaw allowed the hackers to give the four malicious custom game modes remote code execution capability.
Globally, cyberattacks targeting the gaming sector have been increasing significantly over the years. According to a study, a 167% surge in web app attacks on video games has affected players worldwide, including in the US, Europe, and Asia.
The four malicious game modes for Dota 2 in this report have now been removed. All the hundreds of affected players have also been alerted to remain vigilant and to contact cybersecurity experts for help with the infection on their devices.
Meanwhile, gamers worldwide are advised to review all game modes they download and install to avoid infecting their computers with malware, which could result in more serious security problems.