>
According to a new discovery from Avast Threat Labs (opens in new tab) – the security network run by the prominent antivirus software company – the popular online game Dota 2 has been “attacked” by malicious mods containing malware, but they should now be nullified with a new update.
Despite being almost a decade old, Dota 2 reportedly still attracts 15 million active monthly players, which explains why it’s been targeted by threat actors.
An outdated December 2018 build of v8.dll was blamed, which contained a series of exploited vulnerabilities. However, these were disclosed to Valve, the company behind the game, who acted promptly to fix them.
Dota 2 malware update
Affected game mods included ‘please ignore testaddon’, ‘Do not overdog annoying heroes’, ‘Custom Hero Brawl’ and ‘Overthrow RTZ Edition X10 XP’. A fifth mod by the same author was found with the name ‘Brawl in Petah Tiqwa’, although no malware was found.
The patch notes for the January 12 game update status:
“As part of our efforts to advance Dota technology, the version of the V8 JavaScript engine in Dota has been updated resulting in a new macOS requirement of 10.13+. For the vast majority of Mac players, this requirement change will have no impact.”
This version of macOS, called High Sierra, is compatible with most Mac models from 2010 onwards (and some late 2019 models).
In addition to the JavaScript exploit, the hacker also included an ominously named “evil.lua” file designed to test the capabilities of the server-side Lua execution.
Valve said fewer than 200 players were affected, according to Avast Threat Labs, who were aware of the attack.
Despite the attack, Avast Threat Labs indicated that Valve is generally robust in removing malicious mods thanks to its use of its own gaming platform Steam. The researchers also credited Valve for responding quickly.