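Recently, according to a post by a Twitter user, a free Steam game called Beyond The Dark hides malicious code that can steal users' cryptocurrency wallet information, browser passwords and even Roblox account data. The game was in fact hijacked from a simple small game called Rodent Race: after taking over the developer's account, the attacker quickly changed the game's name, cover art and description and, exploiting the loophole that Steam does not re-review update content, successfully published the malicious version.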
A free game on Steam called Beyond The Dark contained hidden malicious software. The game originally started as a simple title named Rodent Race. Someone hijacked the developer’s account and quickly changed the name, images, and other details. This tricked Steam, which does not verify updates.

The malware was hidden in a file called UnityPlayer.dll. The game often crashes when run, but the malware keeps operating in the background. It searches for crypto wallet extensions in Chrome, such as MetaMask, connects to a malicious server, and downloads tools to steal passwords, browser data, and cryptocurrency. Some reports say it may also steal Roblox information.

YouTuber Eric Parker discovered the malware and made a video about it. Steam then removed the game completely.

If you downloaded or played it:

>Delete the game immediately.
>Run a full virus scan with updated antivirus software.
>Change all important passwords, especially for email, browsers, and crypto accounts.
>Check your crypto wallets for missing funds and transfer any remaining balance to a new secure wallet on another device.

This is a common tactic on Steam now
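The malicious code is hidden in the file "UnityPlayer.dll". The game often crashes when run, but the malware keeps running in the background. It automatically scans the Chrome browser for crypto wallet extensions (such as MetaMask), connects to a remote malicious server, downloads stealer tools, and steals passwords, browsing history and crypto assets. Some reports also indicate that it may steal login credentials for the Roblox platform at the same time.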

Well-known YouTuber Eric Parker was the first to discover the problem and published a video warning about it, after which Steam removed the game entirely.

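Note that users who downloaded or ran the game should immediately take the following steps: completely delete the game folder; run a full-disk scan with antivirus software using up-to-date virus definitions; change all important passwords, especially those for email, browser and cryptocurrency accounts; check crypto wallets for lost assets and transfer any remaining funds to a new wallet on another, secure device. In recent years, spreading malware through free games in this way has become common on Steam, and players need to be especially careful when downloading.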






