A situation occurs where malware is installed in game updates on Steam, and Steam announces that SMS authentication will be required as a countermeasure.
It has been discovered that Steam's automatic update feature was being abused to distribute games containing malicious software to a small number of users through developer accounts. To prevent a recurrence, Valve, which operates Steam, has announced that it will require SMS authentication for developers.
Steam :: Steamworks Development :: Coming soon: Security enhancements for building and managing Steamworks users
Valve adds new security check after attackers compromise Steam accounts of multiple game devs and update their games with malware | PC Gamer
https://www.pcgamer.com/steam-malware-attack-new-security/
Steam enforces SMS verification to curb malware-ridden updates
https://www.bleepingcomputer.com/news/security/steam-enforces-sms-verification-to-curb-malware-ridden-updates/
Valve issued a warning in September 2023 that Steamworks accounts for game developers were compromised between late August and September, and a malicious version was uploaded that infected players' PCs with malware. has been notified.
The email sent to the victim read: ``Recently, a game developer's account was compromised and the attacker uploaded a new build that contained malware. This dangerous build was reverted the next day, but If you played one of these games, you may have been infected with malware.'
Wondering why Steam devs will have to confirm via SMS before publishing new game versions or adding users? ( https://t.co/EIyLHyA02N ….) Looks like it's related to hackers taking over Steam dev accounts & adding malware to game builds. (Screenshot via @SteamDB from Sept. 2023.) pic.twitter.com/WfjGiHdhxm
— Simon Carless (@simoncarless) October 10, 2023
Although the titles of the games whose malware was included in the update have not been disclosed, Valve reports that multiple developer accounts were compromised and fewer than 100 users were affected.
Fortunately, the damage was minimal, but on October 11, 2023, Valve announced that it will be mandatory to register a phone number with Steamworks accounts to strengthen security.
Starting October 24, 2023, when this change takes effect, game developers will be able to update their released game's default branch , the version that receives automatic updates to nearly all Steam players, through two-factor SMS. You will have to get certified.
Not all game developers have a mobile phone, but Valve advises those who do: ``Unfortunately, if you need to add users or set a default branch for a released app, You will need a mobile phone or some kind of device to receive SMS.'
One of the games that temporarily distributed an update containing malware is a free-to-play game called ``NanoWar: Cells VS Virus.''
Steam:NanoWar: Cells VS Virus
https://store.steampowered.com/app/2215190/NanoWar_Cells_VS_Virus/
Although the introduction of two-factor authentication improves security, it has been pointed out that it is not a definitive measure.
Benoît Fresron, developer of NanoWar: Cells VS Virus, said: ``I am the developer of this game. All my accounts were hacked by token-grabbing malware. '2FA (two-factor authentication) is useless,' he said, revealing that despite having introduced two-factor authentication, he was unable to prevent the damage.
Hey Simon, I'm the developer of this game. ALL my accounts were hacked by a Token Grabber Malware. Unfortunately, the 2FA is useless if the token is still active. I just used my dev account to release the game few hours before the hack I suppose.
— Benoît Freslon ???????? VideoGameCreation.fr (@BenoitFreslon) October 11, 2023
Related Posts:
