Classical point-and-click adventures are out. They are the dinosaurs of gaming and no one ever plays them anymore, right? Well … kind of. Point-and-click adventures had their 5 minutes of fame some 30 years ago, when classics like Monkey Island, Zak McKracken, and King's Quest entertained a whole generation of gamers. Since then adventure games […]
Open world survival games like ARK: Survival Evolved, Rust, and 7 Days to Die are a big thing right now – it seems like there is a new one being released every other day on Steam. While the setting may differ, most of them have one thing in common: They were developed by indie developers. […]
Wow, that sentence sounds rather boring, right? Well, let’s elaborate a bit. If you are an avid PC gamer you most likely know Steam, and if you are into playing (or watching) gamers compete in Multiplayer Online Battle Arenas (MOBAs), you also might have noticed that some of the more famous DotA 2 players got their accounts stolen. Of course their accounts were not the only ones affected, but definitely the most noticeable ones.
What happened is that Steam apparently had a rather big loophole in its system: One could access another account with only the username – and it was as simple as eating pie. Just take a look at the video below and be amazed:
The issue is now fixed, after Valve learned of it on July 25th – so if you are a gamer with a lot of games in your Steam library (or a professional DotA/CS:GO player) you can relax.
According to Kotaku, Valve released a statement to those affected:
“To protect users, we are resetting passwords on accounts with suspicious password changes during that period or may have otherwise been affected. Relevant users will receive an email with a new password. Once that email is received, it is recommended that users login to their account via the Steam client and set a new password.
Please note that while an account password was potentially modified during this period the password itself was not revealed. Also, if Steam Guard was enabled, the account was protected from unauthorized logins even if the password was modified.”
aboutseven, a newly registered member on the GTA forums, was the first one to notice that all was not well with the processes running on his computer. “I came across something pretty startling today after reviewing my processes that were running on my computer. I tend to do this a lot out of paranoia, just checking that I don’t have stuff running in the background that I don’t want running, or if I ever possibly run into something that is out of the ordinary that could possibly be malware. I happened to notice that the Windows C# compiler running in the background as csc.exe,” he wrote in his post.
After looking into it some more, he dredged up a file called Fade.exe, which hijacked a part of the registry in order to be launched at boot. Some more testing revealed that a GTA mod named Angry Planes was responsible for the malware landing on his system. Since the discovery, other players have claimed that they are finding similar harmful files in other mods as well, such as No Clip.
What it does
So, why exactly is Fade.exe such a problem? To answer the question, let’s just take a look at the modules that are loaded with the mod, according to another forum user named ckck:
“Facebook spam/credential stealing module
Twitch spam/credential stealing module
com spam/credential stealing module
A Steam spamming module
A Steam module that evaluates the items in your inventory and their value based on current market value
A Keylogger module that logs individual button presses in an XML like format, it also includes information about context switches (switching from one app/window to another)
A UDP flooding module
I hadn’t deciphered and didn’t see in action.”
What you can do
In case you have one of the mods installed, make sure to scan your computer with your AV and remove the malicious files. Keeping in mind that Fade.exe also sniffs around your Facebook, Steam, and Twitch accounts, make sure to change all your passwords as well.
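A triage check along the lines of what aboutseven did by hand, as an added example that is not part of the original post or the forum thread: it reviews exported autostart entries and a process snapshot for the two signs described above, an entry launching Fade.exe at boot and csc.exe running without a development tool as its parent. The sample data, the parent allow-list and the path markers are assumptions constructed for this example; the post does not say which registry key or folder was used.

```python
import ntpath

# "Fade.exe" and "csc.exe" are the names from the post; all other values are assumptions.
KNOWN_BAD_IMAGES = {"fade.exe"}
EXPECTED_COMPILER_PARENTS = {"devenv.exe", "msbuild.exe", "dotnet.exe"}
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")

def image_name(command):
    """Return the lower-cased executable name from a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        end = command.lower().find(".exe")
        path = command[:end + 4] if end != -1 else command.split(" ", 1)[0]
    return ntpath.basename(path).lower()

def review_autoruns(entries):
    """entries: (value name, command) pairs exported from the autostart registry keys."""
    findings = []
    for name, command in entries:
        if image_name(command) in KNOWN_BAD_IMAGES:
            findings.append((name, "image named in the post"))
        elif any(marker in command.lower() for marker in USER_WRITABLE_MARKERS):
            findings.append((name, "autostart from user-writable path"))
    return findings

def review_processes(processes):
    """processes: (pid, ppid, image) tuples. Flags csc.exe whose parent is not a dev tool."""
    images = {pid: image.lower() for pid, _, image in processes}
    findings = []
    for pid, ppid, image in processes:
        parent = images.get(ppid, "<exited>")
        if image.lower() == "csc.exe" and parent not in EXPECTED_COMPILER_PARENTS:
            findings.append((pid, parent))
    return findings

# Constructed sample data, not taken from an infected machine.
SAMPLE_AUTORUNS = [
    ("SecurityHealth", r"%windir%\system32\SecurityHealthSystray.exe"),
    ("Updater", r'"C:\Users\me\AppData\Roaming\Fade.exe" -silent'),
    ("Helper", r"C:\Users\me\AppData\Local\Temp\helper.exe"),
]
SAMPLE_PROCESSES = [(4012, 1, "devenv.exe"), (4100, 4012, "csc.exe"), (5200, 1, "game.exe"),
                    (5300, 5200, "csc.exe"), (5400, 9999, "csc.exe")]

if __name__ == "__main__":
    print(review_autoruns(SAMPLE_AUTORUNS))
    print(review_processes(SAMPLE_PROCESSES))
```

A hit from either function is a reason to look closer, not proof of infection: legitimate software also autostarts from AppData, and .NET applications can invoke csc.exe on their own.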