Steam Store Spreads Malware After Hacker Hijacks Developer Accounts
Valve’s Steam store was reportedly exploited to spread malware to a small number of users.
The incident occurred after a hacker breached several game developer accounts on Steam, and used that access to spread malware on the platform through game updates.
The problem came to light after Valve sent out a message to affected users last month. “The Steam account for the developer of this game was recently compromised and the attackers uploaded a new build that contained malware,” the company wrote in the notice.
Simon Carless, founder of the Game Discover Co newsletter, then connected the message to an announcement Valve made this week, which notified game developers about a new security requirement for their accounts. “Looks like it's related to hackers taking over Steam dev accounts and adding malware to game builds,” he wrote.
Valve later told PCGamer that multiple game developer accounts were recently compromised. The intrusions led to fewer than 100 Steam users receiving malware through the game updates. These users have since received warnings from Valve notifying them about the threat.
To prevent future hijackings, Valve is essentially requiring game developers on Steam to enroll in two-factor authentication. However, the company is demanding developers do so by registering their accounts with a phone number to receive SMS-based two-factor codes.
“This change will go live on October 24, 2023, so be sure to add a phone number to your account now. We also plan on adding this requirement for other Steamworks actions in the future,” Valve said in the announcement.
The problem is that SMS-based two-factor authentication can be vulnerable to SIM swap attacks and other forms of phishing capable of stealing the access
Read more on pcmag.com
