● Steam game removed for turning PCs into cryptocurrency miner

Tue Jul 31, 2018 1:02 pm
coRpSE

Valve pulled the game Abstractism from the Steam store. In a statement to Kotaku, Valve explained it had "removed Abstractism and banned its developer from Steam for shipping unauthorised code, trolling, and scamming customers with deceptive in-game items".

But according to [link], Valve has also taken steps to actively prevent fake item scams via the Steam marketplace. The code shows a pop-up will appear should players attempt to trade for items in a game they have never played, with a warning saying: "This trade appears suspicious". In theory, this should prevent scams similar to the one seen in the Abstractism incident, where a player was tricked into buying an item that appeared to be from TF2, but actually originated from the Abstractism game.


Steam has come under fire in recent months for opening its store to hundreds of decidedly dodgy games, and it seems this policy is once again hurting customers, as one game on the Steam store is reportedly turning players' computers into a cryptocurrency-mining botnet.

The offending game in question is called Abstractism - an indie which masquerades as a "trivial platformer" but seems to be doing something far more insidious. Multiple players have left negative reviews with screenshots showing evidence the game installs a Trojan virus "disguised as a steam.exe process" along with malware under the name "abstractism launcher". After seeing these reports, YouTuber SidAlpha investigated the game and found these viruses are likely installing cryptocurrency mining software. This presents a huge risk for players, as according to CSO, "cryptojacking" can damage computer performance, increase electricity bills, and even infect cloud infrastructure.


Although cryptojacking is notoriously difficult to detect, one of the clearest signs a computer is being used to mine coins is increased use of CPU and GPU, both of which have been reported by Abstractism's players. The game's developer, Okalo Union, has claimed this only occurs when players are using "high graphics settings", but this is inconsistent with the style of the game (a simple platformer) and the very low recommended settings listed for the game on its Steam store page.


SidAlpha has also highlighted that the developer's recent posting on "item drops" encourages players to keep the game running all day, which means the hackers can maximise their time using the game to farm cryptocurrency. On top of this, the post encourages players to be in-game on Fridays to allow the "drop limit" to reset. According to SidAlpha and CSO, this is yet another tell-tale sign of cryptojacking, as it gives the hackers time to collect "hashes" from the infected computers (solved problems required for mining coins).

One commenter on SidAlpha's YouTube channel bravely decided to test the theory by running Abstractism on a virtualiser. The user, called Mateus Muller, confirmed the game's use of CPU, GPU, RAM and IO was "consistent with what you would expect from a crypto miner," while the game also caused a "huge amount of network activity" that could be explained by the program downloading the blockchain.

The game's crimes, however, appear to extend beyond cryptojacking. One Steam user also reported on backpack.tf they'd been scammed by a fake TF2 item dropped by the game. The screenshot shows Abstractism used TF2 artwork and text to create a fake listing for an Australium Rocket Launcher - an item which currently sells for over $100 on the Steam Community Market. The listing was clearly convincing enough to fool the scam's victim, who traded a high-value item only to receive the fake in return. Looking at Abstractism's item shop, the TF2 rocket seems to have since been deleted. Perhaps copying Valve's intellectual property for a scam was a step too far for the developer.



Obviously, the fact Abstractism was able to be sold on Steam raises serious questions about Valve's process for approving games to be distributed on the platform. Valve recently stated in a Steam blog it would "allow everything onto the Steam Store, except for things that we decide are illegal, or straight up trolling," yet it seems they are failing even in this regard. Perhaps most worryingly, the offending game in this incident was hardly subtle: the poorly-hidden malware, the brazen attempt to scam with fake TF2 items, and galleries of Pepe and Putin memes should have set alarm bells ringing long before the game was ever made available to the public. Until Valve changes its current laissez-faire approach to maintaining its store, Steam users may fall victim to even more sophisticated scams, leaving customers to question whether they're actually safe on the platform.
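
The two host-side signs the article describes, a process using the name steam.exe and CPU load that stays high, can be checked together; the following is an added example, not code from the article, Valve or anyone it quotes. The expected Steam directory, the thresholds and the process snapshot are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: default install directory of the genuine client; adjust per host.
EXPECTED_DIRS = {"steam.exe": [PureWindowsPath(r"C:\Program Files (x86)\Steam")]}

def is_masquerading(image_path, expected=EXPECTED_DIRS):
    """True when a tracked image name runs from outside its expected directory."""
    path = PureWindowsPath(image_path)
    dirs = expected.get(path.name.lower())
    if dirs is None:
        return False  # not a name we track
    # PureWindowsPath comparison is case-insensitive, like the filesystem.
    return not any(path.parent == d for d in dirs)

def sustained_load(cpu_samples, threshold=80.0, min_fraction=0.9):
    """True when CPU% is at or above threshold for most of the sampling window."""
    if not cpu_samples:
        return False
    high = sum(1 for s in cpu_samples if s >= threshold)
    return high / len(cpu_samples) >= min_fraction

def triage(snapshot):
    """Return (pid, path, reasons) for every process showing either sign."""
    findings = []
    for proc in snapshot:
        reasons = []
        if is_masquerading(proc["path"]):
            reasons.append("name/path mismatch")
        if sustained_load(proc["cpu"]):
            reasons.append("sustained high CPU")
        if reasons:
            findings.append((proc["pid"], proc["path"], reasons))
    return findings

# Constructed snapshot: per-process image path and CPU% sampled over a window.
SNAPSHOT = [
    {"pid": 1204, "path": r"C:\Program Files (x86)\Steam\steam.exe", "cpu": [2, 3, 1, 4, 2, 3]},
    {"pid": 3388, "path": r"C:\Users\player\AppData\Local\Temp\steam.exe", "cpu": [96, 98, 97, 95, 99, 97]},
    {"pid": 4120, "path": r"C:\Games\platformer\game.exe", "cpu": [35, 90, 40, 30, 85, 38]},
]

if __name__ == "__main__":
    for pid, path, reasons in triage(SNAPSHOT):
        print(pid, path, ", ".join(reasons))
```

Short spikes (pid 4120 in the sample) do not trip the load check; only load held across the whole window does.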