There are so many ways malware could get through that. What if it waits for a specific date or a certain amount of progress in the game? This automated sandbox probably wouldn’t be smart enough to beat the game, certainly not with as many games as they have.
Steam could easily have automation that installs and runs games in a sandbox and then watches what they do. The things it needed to do to steal the crypto should be vastly different than what a game should be allowed to do.
Die4Ever@retrolemmy.com 18 hours ago
dafta@lemmy.blahaj.zone 22 hours ago
This isn’t foolproof. A lot of malware these days is resistant to analysis because it can detect that it’s running in a sandbox and refuse to run the malicious code.
Nibodhika@lemmy.world 6 hours ago
Have you seen the malware? It would have passed that test.
pulsewidth@lemmy.world 1 hour ago
It had a password-protected zip file in an update that hid the payload. That is pretty damn basic and would not have gotten past any retail antivirus program’s heuristic detection.
Chances are that Valve is treated as a ‘trusted publisher’ by Microsoft Defender and thus it bypassed the scan. The malware payload even explicitly checks that no retail antivirus was installed, and that Microsoft Defender was active, prior to attempting to extract and run its payload.
(See comments above for explicit details regarding the malware)
Nibodhika@lemmy.world 56 minutes ago
A password-protected zip file is also a way to deliver content that an indie dev might use to lock content, so that on its own is not enough. Also, the “payload” was connecting to a remote server, which is not an indication of bad behavior; lots of games connect to remote servers and receive commands from there, e.g. event X starts now, or something. Except in this case it allowed a reverse shell.
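Added example, not part of the thread: a defender-side triage check for the signal discussed in the two comments above, encrypted zip entries shipped inside an update. It reads the encryption flag from each archive's central directory; the function names and the sample archive are constructed for illustration, and a hit is a prompt for closer review, not a verdict.

```python
import io
import zipfile

ENCRYPTED = 0x0001  # general-purpose flag bit 0: entry is encrypted
AES_METHOD = 99     # compression method used by WinZip AES entries


def encrypted_members(archive_bytes):
    """Return names of entries the central directory marks as encrypted."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED or info.compress_type == AES_METHOD:
                flagged.append(info.filename)
    return flagged


def triage_update(files):
    """Map each zip in an update ({name: bytes}) to its encrypted members."""
    report = {}
    for name, data in files.items():
        # Detect zips by content, not by extension (archives are often renamed).
        if zipfile.is_zipfile(io.BytesIO(data)):
            hits = encrypted_members(data)
            if hits:
                report[name] = hits
    return report


def build_sample():
    """Constructed sample: a two-entry zip with one entry's encryption bit set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("readme.txt", "patch notes")
        zf.writestr("patch/data.bin", "opaque blob")
    raw = bytearray(buf.getvalue())
    # Flags sit at offset 8 of each central-directory header (PK\x01\x02).
    first = raw.find(b"PK\x01\x02")
    second = raw.find(b"PK\x01\x02", first + 4)
    raw[second + 8] |= ENCRYPTED
    return bytes(raw)


if __name__ == "__main__":
    update = {"update.pak": build_sample(), "game.exe": b"MZ" + b"\x00" * 64}
    print(triage_update(update))
```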
dogs0n@sh.itjust.works 19 hours ago
It isn’t as easy as you say.
If they could let us run games in a sandbox/virtualised area that would be amazing though. That’s a very big ask though.
I do know that Xbox consoles run games in their own Hyper-V VM which gives extra protections to us from most malicious code.
Obviously this would be hard for Steam to implement, but it would be a very nice measure.
ryathal@sh.itjust.works 2 hours ago
Malware creation and detection are billion-dollar industries playing an eternal cat-and-mouse game with each other. These programs don’t just instantly try to steal every file the second they run.