Don’t click that CS:GO Steam invite - it could be malware

The bug uses CS:GO invites as a lure

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A critical bug in Valve’s game engine has been demonstrated by a security researcher to allow hackers to take control of their victims’ computers. All the attacker needs to do is trick their victims into clicking aSteaminvite link to playCounter Strike: Global Offensive (CS:GO).

Even more worryingly, the security researcher, known as “Florian” toldMotherboard, said that the bug can be used to develop a worm-like exploit to infect other machines.

The vulnerability isn’t game-specific, but rather exists in the Source game engine that’s used by several popular games including CS:GO, Team Fortress 2, Dota 2, and Postal III among others.

We’re looking at how our readers use VPN for a forthcoming in-depth report. We’d love to hear your thoughts in the survey below. It won’t take more than 60 seconds of your time.

Click here to start the survey in a new window«

Slow to respond

Slow to respond

Florian said he brought the vulnerability to Valve’s attention as part of the company’s bug bounty program back in 2019. And while the bug has been rendered ineffective on virtually all Source-powered games, it still mysteriously exists in CS:GO.

“I am honestly very disappointed because they straight up ignored me most of the time,” said Florian.

While Valve didn’t returnMotherboard’s request for comments, Carl Schou, founder of a not-for-profit group of security researchers called Secret Club, pointed outtwoother vulnerabilitiesthat Valve failed to acknowledge even after being informed several months ago.

“Valve’s response has been a complete disappointment right from the start,” Schou toldMotherboard, adding that slow response times have been the hallmark of the group’s past interactions with the popular gaming publisher and distributor.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via:Motherboard

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Your next smartwatch could be battery-free – and powered by your skin