Tag Archive for: Steam

Hackshot Is Ready to Start Hacking on Steam in May


Prepare for Your Hacking Adventure in Hackshot

The indie video game developer RD Interactive is proud to announce that its upcoming title Hackshot is releasing on Steam on 23 May 2024. Additionally, it will also feature Steam Deck support as well. So, get ready to become a hacker and take down pop-up ads and viruses in this innovative puzzle adventure game.

Hackshot

Hackshot is a deep, twisted puzzle artillery game with adventure, puzzle and sandbox lements. It takes place in a world where even hackers become a target and downloading RAM is not a surprising thing. You will become a hacker and embark on a thrilling journey to infiltrate the largest tech corporation known to mankind

Dive into a tale brimming with a terabyte of classic internet scam tactics, all wrapped up with a dash of coolness. Craft your own solutions by mixing and matching various abilities. Team up wirh other hackers and security specialist to create cool hacking combos. Go deep into their tail in your own fashion and uncover the bizzare secrets hidden inside the cyber space.

Key features:

– Over 20 hours of shooting viruses and crashing security

– Optional content triples the playtime above

– Open-ended levels, craft solutions in your own style

– No filler levels, no condescending tutorial levels, just pure challenging fun

– Over 7000 unique Cyberballs to craft

– Hackers will hack you back

– Discover the secrets of the world by climbing to the top of The Murky Web

Hackshot is ready for its final playtesting before release, and it will done entirely on Steam. Mark your calendars everyone for the ultimate hacking experience.

SOURCE

Source…

Steam Store Spreaded Malware After Hacker Hijacked Developer Accounts


Valve’s Steam store was reportedly exploited to spread malware to a small number of users. 

The incident occurred after a hacker breached several game developer accounts on Steam. The attacker then circulated malware over the platform through game updates to users. 

The problem came to light after Valve was spotted sending out a message to affected users last month about the malware infections. “The Steam account for the developer of this game was recently compromised and the attackers uploaded a new build that contained malware,” the company wrote in the notice. 

Simon Carless, founder of the Game Discover Co newsletter, then connected the message to an announcement Valve made this week, notifying game developers about a new security requirement for their accounts. “Looks like it’s related to hackers taking over Steam dev accounts and adding malware to game builds,” he wrote. 

Valve has since told PCGamer that multiple game developer accounts were recently compromised. Fortunately, the intrusions only led to fewer than 100 Steam users receiving malware through the game updates. These users have since received warnings from Valve notifying them about the threat. 

To prevent future hijackings, Valve is essentially requiring game developers on Steam to enroll in two-factor authentication. However, the company is demanding developers do so by registering their accounts with a phone number to receive the SMS-based two factor codes. 

“This change will go live on October 24, 2023, so be sure to add a phone number to your account now. We also plan on adding this requirement for other Steamworks actions in the future,” Valve said in the announcement

The problem is that SMS-based two factor authentication can be vulnerable to SIM swap attacks and other forms of phishing capable of stealing the access codes. As a result, some game developers have been complaining about the new requirement and instead urging Valve to ditch the SMS-based two factor authentication for more secure authenticator apps

“Why does every company and their grandpa think they’re entitled to my PRIVATE phone number, that so far I’ve managed to keep reasonably spam free,” added one developer…

Source…

CISA Warns That Royal Ransomware Is Picking Up Steam


Email Security & Protection
,
Fraud Management & Cybercrime
,
Ransomware

US Agency Says Royal Ransomware Group Is Made Up of Experienced Threat Actors

CISA Warns That Royal Ransomware Is Picking Up Steam

The Royal ransomware group targeting critical infrastructure in the United States and other countries is made up of experienced ransomware attackers and has strong similarities to Conti, the infamous Russia-linked hacking group, according to a new alert issued by U.S. authorities.

See Also: OnDemand | Navigating the Difficulties of Patching OT

The group is targeting major industries including manufacturing, communications, education and healthcare organizations in the U.S. and other countries, according to a joint advisory from the U.S. Cybersecurity and Infrastructure Security Agency and the FBI.

The attackers appear to be particularly interested in hitting the U.S. healthcare sector, demanding ransoms from $250,000 to over $2 million. “In each of these events, the threat actor has claimed to have published 100% of the data that was allegedly extracted from the victim,” the Department of Health and Human Services said in a security alert in December 2022.

In the latest advisory, CISA warns that Royal ransomware is deployed through phishing mails and is capable of disabling antivirus software. “After gaining access to victims’ networks, Royal actors disable antivirus software and exfiltrate large amounts of data before ultimately deploying the ransomware and encrypting the systems,” the alert says.

CISA says the TTPs and IOCs related to the ransomware are similar to those of Conti, the infamous Russia-linked hacking group that disbanded in May…

Source…

Hackers Stealing Steam Accounts Using This New Hack


steam account

Researchers at Group-IB, a leading provider of innovations and solutions for counteracting cyberattacks, have published a new report that demonstrates how hackers are using a new phishing technique called Browser-in-the-Browser, to target accounts of professional Steam gamers that are valued between $100,000 and $300,000.

For the unversed, a Browser-in-the-Browser (BitB) is a new phishing threat that is emerging worldwide. This method creates a fake browser window within the active parent browser window on a phishing resource, making it look like a sign-in pop-up page in order to steal login credentials.

This phishing kit was first discovered and shared by a researcher Mr.d0x in March 2022. Using this method, threat actors create fake login forms for Steam, Microsoft, Google, or any other service.

In order to analyze the significant threat that the Browser-in-the-Browser technology posed to significant users, Group-IB used an example of a phishing kit located on a resource that mimicked Steam.

How Does The Scheme Work?

Threat actors send direct messages to prospective victims on Steam and lure them with various appealing offers such as: inviting them to join a team for LoL, CS, Dota 2, or PUBG tournament, or voting for the user’s favorite team, or buying discounted tickets to cybersport events, and more.

The links that the threat actors share bring the victims to bait webpages mimicking organizations sponsoring and hosting e-sports competitions. The victims are then requested to log in via their Steam account in order to join a team and play in a competition.

“Almost any button on bait webpages opens an account data entry form mimicking a legitimate Steam window. It has a fake green lock sign, a fake URL field that can be copied, and even an additional Steam Guard window for two-factor authentication,” the researchers wrote in their report.

While traditional phishing resources display a phishing data entry form or redirect users to it, this type of attack opens a fake browser window in the same tab to convince users about its authenticity.

Users can even switch between 27 webpage interface languages, which are fully functional, and the selection is identical to the one…

Source…