Key takeaways

  • Valve removed Beyond The Dark after malware allegations surfaced.
  • The malicious payload allegedly stole passwords, browser data, and crypto wallet information.
  • Attackers reportedly hijacked an existing Steam game instead of publishing a new one.
  • The malware hid inside a modified UnityPlayer.dll file.
  • Anyone who installed the game should run antivirus scans and change passwords immediately.
  • Corngood@lemmy.ml
    4 days ago

    I’d rather not use Flatpak, but I really should figure out better sandboxing. Not just for games, but for supply chain attacks, etc.

    It’s kind of nuts that a game has access to my browser profile and all sorts of other stuff in ~.

    • DampCanary@lemmy.world
      3 days ago

      I know firejail nicely packs my Firefox & co. to only have access to a select few /home/<uname> sub-dirs.

      • Mordikan@kbin.earth
        2 days ago

        This is what I do as well. Process inheritance helps prevent any game that Steam runs from misbehaving outside its whitelisted directories.

        • DampCanary@lemmy.world
          1 day ago

          It’s reassuring, knowing that any potentially spawned process is also sandboxed to the same environment, and while it doesn’t isolate (in terms of e.g. Docker) it does contain it to a less risky (with correct setup) part of the system.
          A big bonus to it is that it provides basic profile versions for the whole plethora of programs, which can be simply expanded/adjusted with a custom user profile.

    • magikmw@piefed.social
      3 days ago

      SELinux should help with this, but by default all ‘non-server’ apps can just access anything across the user’s home. Maybe I should look into this. Hmmmm.

      Edit: then again, Steam games usually run via Wine, using a simulated Windows filesystem… Maybe they are isolated already? I really should look into this.

      • tomalley8342@lemmy.world
        3 days ago

        > Maybe they are isolated already? I really should look into this.

        No, the Z drive in Wine maps to your Linux file system.
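
The drive mapping mentioned in the last reply can be checked directly. This is an added example, not part of the thread: it reads the `dosdevices` symlinks of a Wine prefix and classifies what each drive letter exposes. The function names and the sample prefix are constructed for illustration, and the layout (`c:` pointing at `../drive_c`, `z:` pointing at `/`) is assumed to be Wine's default.

```python
# Added example: classify what each Wine drive letter exposes on the host.
import os
import tempfile
from pathlib import Path


def audit_wine_drives(prefix, home=None):
    """Map each drive letter in a Wine prefix to (target, exposure)."""
    prefix = Path(prefix).resolve()
    home = Path(home).resolve() if home else Path.home().resolve()
    findings = {}
    for entry in sorted((prefix / "dosdevices").iterdir()):
        # Drive letters are symlinks named "c:", "z:", ...; skip entries like "com1".
        if not (entry.is_symlink() and len(entry.name) == 2 and entry.name[1] == ":"):
            continue
        target = entry.resolve()
        if target == prefix or prefix in target.parents:
            exposure = "prefix-only"   # stays inside the simulated Windows tree
        elif target == Path(target.anchor):
            exposure = "host-root"     # the whole Linux filesystem is reachable
        elif target == home or target in home.parents:
            exposure = "host-home"     # the user's home directory is reachable
        else:
            exposure = "host-path"     # some other host directory
        findings[entry.name] = (str(target), exposure)
    return findings


def build_sample_prefix(base):
    """Constructed sample prefix using the assumed default Wine layout."""
    pfx = Path(base) / "pfx"
    (pfx / "drive_c").mkdir(parents=True)
    (pfx / "dosdevices").mkdir()
    os.symlink("../drive_c", pfx / "dosdevices" / "c:")
    os.symlink("/", pfx / "dosdevices" / "z:")
    return pfx


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = audit_wine_drives(build_sample_prefix(tmp))
        for drive, (target, exposure) in report.items():
            print(f"{drive} -> {target} [{exposure}]")
```

Point `audit_wine_drives` at a real prefix (for example `~/.wine`) to see its mappings. A `prefix-only` result describes the drive letters only; Wine itself is not a sandbox, so containment still has to come from something like the firejail setup discussed above.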