According to a bug report, hackers can take control of victims’ computers just by tricking them into clicking on a Steam invite to play Counter-Strike: Global Offensive. With it, hackers can exploit the game to take full control of a target’s machine. A security researcher alerted Valve, the company behind the game, about the bug in June of 2019.
The researcher, who goes by the name Florian, said that while the bug has been fixed in some games that use the Source engine, it is still present in CS: GO, and he demonstrated it in a call with Motherboard.
According to him, hackers could use this bug and make it automatically spread.
“Once you infected somebody, this person can be weaponized to infect their friends and so on,” Florian said.
“Valve’s response has been a complete disappointment right from the start. Our experience has always been slow response times, with little to no patches being pushed to production,” Carl Schou, the founder of Secret Club, a not-for-profit group of security researchers, told Motherboard in an online chat. “They truly don’t care about the security and integrity of their games.”
This is not the first time Valve has been slow to respond and fix reported vulnerabilities. In 2018, Motherboard reported that a security researcher found a bug in Steam that allowed hackers to take over victims’ computers—a bug that had been present for 10 years.