Valve has been in contact with several game developers who were hit by hackers who used a vulnerability to hide malware in their games on Steam.

The hackers’ intention was to play the malware off as an update to the installed game on players’ PCs, then infecting them when the “new build” was downloaded.

Fortunately, less than 100 players had these compromised games installed on their systems and they were also contacted by Valve to notify them of the security breach.

“The build containing the suspected malware was promptly reverted and purged from Steam, but we strongly encourage you to run a full-system scan using an anti-virus that you trust or use regularly,” advised Valve via GameDiscoverCo’s Simon Carless on X.

As a result of “an uptick in sophisticated attacks” on game developers, said Valve in a comment to PC Gamer, the requirements for the safety of their accounts have been changed.

Before October 24, developers must add a phone number to their account so the act of uploading and rolling out an update must be cleared with a confirmation code sent to the phone.

If developers don’t have a phone, Valve said “sorry” but they will “need a phone or some way to get text messages if [they] need to add users or set the default branch for a released app.”

See also  New ‘Elden Ring’ DLC trailer has lore fans stoked

valve addresses malware install hack using game builds 2
Lines of binary code on a laptop Credit: Moritz Erken via Unsplash

According to Carless, some developers are displeased with the short notice for finding a phone number to attach to their accounts and that text messages can still be a way for hackers to dupe the receivers.

However, Valve explained that if the developer uses the SetAppBuildLive API, they will be able to decide which Steam ID to use and therefore which phone number to use for confirmation.

In other gaming news, Psyonix has revealed that Rocket League player-to-player trading will be removed in December, to the irritation of fans who view that feature as integral to the game.



Source