Hackers Create Malicious Dota 2 Game Modes to Secretly Access Players' Systems

The Hacker News
Game Hacking / Cyber Threat

An unknown threat actor created malicious game modes for the Dota 2 multiplayer online battle arena (MOBA) video game that could have been exploited to establish backdoor access to players’ systems.

The modes exploited a high-severity flaw in the V8 JavaScript engine tracked as CVE-2021-38003 (CVSS score: 8.8), which was exploited as a zero-day and addressed by Google in October 2021.

“Since V8 was not sandboxed in Dota, the exploit on its own allowed for remote code execution against other Dota players,” Avast researcher Jan Vojtěšek said in a report published last week.

Following responsible disclosure to Valve, the game publisher shipped fixes on January 12, 2023, by upgrading the version of V8.

Game modes are essentially custom capabilities that can either augment an existing title or offer completely new gameplay in a manner that deviates from the standard rules.

While publishing a custom game mode to the Steam store includes a vetting process from Valve, the malicious game modes discovered by the antivirus vendor managed to slip through the cracks.

These game modes, which have since been taken down, are “test addon plz ignore,” “Overdog no annoying heroes,” “Custom Hero Brawl,” and “Overthrow RTZ Edition X10 XP.” The threat actor is also said to have published a fifth game mode named Brawl in Petah Tiqwa that did not pack any rogue code.

Embedded inside “test addon plz ignore” is an exploit for the V8 flaw that could be weaponized to execute custom shellcode.

The three others take a more covert approach: the malicious code reaches out to a remote server to fetch a JavaScript payload, which is likely also an exploit for CVE-2021-38003, although this could not be confirmed because the server is no longer reachable.

In a hypothetical attack scenario, a player launching one of the above game modes could be targeted by the threat actor to achieve remote access to the infected host and deploy additional malware for further exploitation.

It’s not immediately known what the developer’s end goals were behind creating the game modes, but they are unlikely to be for benign research purposes, Avast noted.

“First, the attacker did not report the vulnerability to Valve (which would generally be considered a nice thing to do),” Vojtěšek said. “Second, the attacker tried to hide the exploit in a stealthy backdoor.”

“Regardless, it’s also possible that the attacker didn’t have purely malicious intentions either, since such an attacker could arguably abuse this vulnerability with a much larger impact.”
