rimjob_rainer, to games in Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform

Needs to raise money to get cancer treatment. America is a real dystopia.

daniskarma,

It’s cooler when americans become drug dealing kingpins because they got lung cancer.

TheJesusaurus,

That’s the real story here. Everything else after that is just icing on the tragedy cake.

Why does this guy need to raise 32 grand (a respectable salary in plenty of places) for cancer treatment

SoftestSapphic,

Because not enough healthcare CEOs have been shot yet

TheJesusaurus,

I like the cut of your jib

ICastFist, (edited) to games in Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform

The game in question, Block Blasters, which was free to play, has been removed from Steam, although it seems owners can still try to install it, but antivirus programs may block those attempts.

The GData report linked in the post shows that the game was released on July 31 and that the malware update came on August 30, adding a .bat and 2 .zip files within the Engine/Binaries/ThirdParty/Ogg directory. The zip files were password protected, which blocked scanning.

The batch script checks first if the system is running only Windows Defender and does not have any of the listed AV products from AV_PROCESSES as a running process; if these criteria are met, the batch script unpacks the contents of the archive “v1.zip” (…) The script “1.bat” adds the destination folder of the executables found inside the “v3.zip” archive to the exemption list for Microsoft Defender Antivirus. [emphasis mine]

So, yeah, it’s pretty clear how easily it went undetected by Steam, Windows Defender or any other antivirus program - malware inside a password protected zip. I suspect making something similar on Android wouldn’t be much harder, as an app or game that needs access to your internal storage isn’t “too weird”, like something that asks for some music to play in a stage.

pulsewidth,

A password-protected zip file should have been flagged by Steam as suspect before they approved the update, it’s a very old and very common method for detection bypass.
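
The check discussed in the two comments above, as an added example that is not part of the thread and is not Steam's or G DATA's code: a pre-publication scan that walks an update directory, flags ZIP archives whose entries are marked encrypted (and so cannot be content-scanned), and lists scripts sitting beside them. The function names and the sample builder are hypothetical, and the sample archive is constructed with harmless placeholder content.

```python
import io
import sys
import zipfile
from pathlib import Path

ENCRYPTED = 0x1  # general-purpose flag bit 0: entry is encrypted
SCRIPT_EXTS = {".bat", ".cmd", ".ps1", ".vbs"}


def encrypted_members(source):
    """Names of ZIP entries whose header marks them as encrypted."""
    with zipfile.ZipFile(source) as zf:
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED]


def scan_update(root):
    """Report archives a content scanner cannot open, plus scripts beside them."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or not zipfile.is_zipfile(path):
            continue
        locked = encrypted_members(path)
        if locked:
            scripts = sorted(p.name for p in path.parent.iterdir()
                             if p.suffix.lower() in SCRIPT_EXTS)
            findings.append({"archive": path.name, "encrypted": locked,
                             "scripts_nearby": scripts})
    return findings


def constructed_zip(name, encrypted):
    """Constructed sample: a tiny ZIP, optionally with the encrypted bit set.

    The stdlib cannot write encrypted ZIPs, so the flag is patched into the
    local and central headers; the payload is harmless placeholder text.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, "placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= ENCRYPTED                             # local file header
        data[data.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory
    return bytes(data)


if __name__ == "__main__":
    for finding in scan_update(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

This only covers the ZIP format; other archive types (7z, RAR) and archives renamed to hide their type need their own checks.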

daniskarma, to games in Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform

I’m not into crypto. But how can it be stolen just by reading some file in the computer? Isn’t the private key encrypted with some really secure password? Was it stolen while the private key was being used?

sonalder,

To keep it short, there are two big families of wallets: hot and cold wallets. Hot wallets are the ones that have an internet connection, whether it’s a constant one or periodically connecting. Cold wallets are never connected to the internet and often are dedicated hardware devices, with the better ones having a Secure Element to store the private key or even sometimes sign transactions directly in it.

Victims of this attack were using a hot wallet on a non-dedicated machine, which is considered bad practice. Hot wallets have to be considered more like physical wallets for daily spending, with cold wallets being privileged for long-term saving and monthly or yearly transactions.

I’m not an expert, but desktop OSes (especially Windows) are not as well contained as phones, so I almost never use a hot wallet on my computer. Often users are tricked into signing transactions and get robbed that way, but I think if the wallet is unlocked, malware with the right privileges/permissions could easily steal money.

“by reading some file in the computer”

Aren’t Steam games always executable for Windows?

ICastFist,

Considering how the malware works, it seems that the criminal managed to copy/steal all the browser data of Rastaland, including open sessions, allowing him to login on any site that had an active session/cookies, including that pumpdotfun where the coin was

Etterra, to games in Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform

That’s what they get for trusting crypto.

2FortGaming,

Your callousness is disheartening

agent_nycto,

Look, I hate crypto too, but I don’t think someone should die a slow, painful death because they were trying to use it to, like, not die.

Randomgal,

Damn. I hope you never go through something like this.

Highlandcow, to games in Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform

I heard about this but actually watching the video right here… Heartbreaking ):

Geodad, to gaming in Block Blasters: Theft of $32k in crypto from a stage 4 cancer patient due to valve’s incompetence in allowing malware on their platform

At this point, I wouldn’t keep my crypto on the same computer I use for gaming.