Comment on Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform

• Modern_medicine_isnt@lemmy.world ⁨6⁩ ⁨months⁩ ago

  Clearly it passed thier test. But it was not undetectable.

  source
• pulsewidth@lemmy.world ⁨6⁩ ⁨months⁩ ago

  It had a password protected zip file in an update that hid the payload. That is pretty damn basic and would not have gotten past any retail antivirus program’s heuristic detection.

  Chances are that Valve is treated as a ‘trusted publisher’ by Microsoft Defender and thus it bypassed the scan. The malware even payload explicitly checks that no retail antivirus was installed, and that Microsoft Defender was active, prior to attempting to extract and run its payload.

  (See comments about for explicit details regarding the malware)

  source

  • Nibodhika@lemmy.world ⁨6⁩ ⁨months⁩ ago

    Password protected zip file is also a way to deliver content an indie dev might use to lock content, so that on its own is not enough, but also the “payload” was connecting to a remote server, which is not indication of bad behavior, lots of games connect to remote servers and receive commands from there, e.g. event X starts now, or something. Except in this case it allowed a reverse shell.

    source

    • pulsewidth@lemmy.world ⁨6⁩ ⁨months⁩ ago

      Citation please for any indie dev using passworded zip files to lock game content. That would be a pretty dumb approach given all retail security suites / antiviruses will flag a password-protected archive as suspect by default (because they’re so commonly used in the past to distribute malware).

      source

      • Nibodhika@lemmy.world ⁨6⁩ ⁨months⁩ ago

        Here’s a steam forum of someone asking why some devs do that from a year ago: steamcommunity.com/…/4423184558852867037/ so it is done by other devs.

        source

        • -> View More Comments