Valve removes free game from Steam after players discover it contains malware

Games are an almost perfect type of software to be run in a sandbox. The question is, why aren't they already run in a sandbox?

There is a game - Beyond The Darkness - released few weeks before the name change

"Beyond the Darkness" was released on Nov 14 2024 - https://store.steampowered.com/app/1728610/Beyond_The_Darkne...

"Beyond the Dark" (the malware) was released (ahem, renamed) on Dec 28 2024

What about all the other games with malware, like Denuvo and similar?

> What’s interesting is that while the game itself often crashed during launch, the malicious software continued running quietly in the background.

Wonder how much longer it could have remain undetected if it actually fired up a shovelware game that could run properly, things like crashing probably gave it away way faster than it could've.

> However, someone reportedly hijacked the developer’s Steam account and quickly transformed it into Beyond The Dark – changing its name, screenshots, and other store details. As Steam does not fully verify every patch made to a game, the modified version was reportedly able to go live without raising immediate red flags.

It is interesting that it seems to easier to take over a legit game than trying to create a new one. I have seen this with youtube channels, inactive during a long period of time and suddenly showing mostly scams. Or the original owner became a criminal, or more probably were taken over criminals.

> The malware allegedly searched for cryptocurrency wallet browser extensions, including MetaMask, before connecting to external servers and downloading additional tools. These tools were reportedly capable of stealing browser information, passwords, and cryptocurrency wallet data.

Cryptocurrencies are the most insecure currency that we have even invented. It is paradoxical that is being marketed as actually safe.

Huh. There is the occasional paid game on steam that has a 100% off deal. Guess it's time to start being suspicion of those as well.

I'm thinking of the scenario where the original devs sell the game rights off since sales are bottomed out.

This is bound to become more and more pervasive, with supply chain attacks happening extremely frequently now. My cooleagues and me almost got caught in the latest Shai-Hulud attack due to some tanstack packages. Noone is safe now.

Surprised this or malicious games and updates hasn't happened sooner.

I am starting to think that perhaps their fee is not entirely justified.

[flagged]

And yet games like Subnautica 2 do similar things and nobody stops them because it’s in the EULA.