
It has been 0 days since the Steam marketplace was used to deliver malware to unsuspecting gamers who download titles from Valve's long-running platform.
Twitch streamer Raivo "RastalandTV" Plavnieks said on Sept. 30 that over $32,000 worth of cryptocurrency—which had been donated to him to help pay for cancer treatments—was stolen after he installed a Steam game called "BlockBlasters" when someone in his stream chat recommended it to him.
"BlockBlasters" debuted on Steam in July and was malware-free until an August 30 update that, according to the independent SteamDB tracker of all things Steam, added the crypto- and credential-stealing malware. That means the game was actively being used to deliver malware for nearly a month before the RastalandTV hack.
BleepingComputer reports that RastalandTV's live hacking prompted security researchers to investigate the game. "ZachXBT" said that more than $150,000 had been stolen from 261 different Steam accounts; the "vx-underground" malware research group said it found evidence that the actual victim count was 478.
Another group of security researchers has published a breakdown of how the malware worked, how they identified the cybercriminals responsible for the operation, and how they disrupted it. (They also included a note to law enforcement saying they have "mountains of technical evidence surrounding individuals in this case" to share.)
Some of the discussion around this incident has focused on the claim that "BlockBlasters" was marked as "Verified" on Steam. To our knowledge, the only "Verified" label applied to games relates to their compatibility with the Steam Deck, which simply means that Valve has confirmed the title will run on the handheld. That doesn't necessarily imply that Valve has assessed the game's contents.
But that in no way negates the fact that Steam, a platform that millions of gamers have come to trust over several decades of operation, delivered malware used to steal hundreds of thousands of dollars' worth of cryptocurrency for nearly a month. It took a high-profile, live-streamed incident for something to be done about this operation.
"This is appalling levels of vetting," the researchers who investigated this incident said. "How can you let such brazen malware exist on your platform?"