According to a new discovery by Avast Threat Lab (opens in a new tab) – a safety net managed by a well-known antivirus company – the popular online game Dota 2 has been “attacked” by malicious mods containing malware, but should now be invalidated with a new update.
Despite being nearly a decade old, Dota 2 still reportedly attracts 15 million monthly active players, which explains why it has become a target for cybercriminals.
The outdated version of v8.dll from December 2018, containing a number of exploited vulnerabilities, was blamed. However, they were disclosed to Valve, the company behind the game, who promptly took action to fix them.
Dota 2 malware update
The affected game mods included “addon test, please ignore”, “Overdog no annoying heroes”, “Custom Hero Brawl” and “Overthrow RTZ Edition X10 XP”. A fifth mod by the same author was found under the name “Brawl in Petah Tiqwa”, although no malware was found.
Patch Notes for January 12 Game Update Status:
“As part of our efforts to further develop Dota technology, the version of the V8 JavaScript engine included in Dota has been updated, resulting in a new requirement for macOS 10.13+. For the vast majority of Mac gamers, this requirement change will have no impact.”
This version of macOS, High Sierra, is compatible with most Mac models built since 2010 (and many late 2019 models).
In addition to the JavaScript exploit, the hacker also placed a file with the ominous name “evil.lua”, intended to test the feasibility of Lua on the server side.
According to Avast Threat Labs that were notified of the attack, Valve said less than 200 players were affected.
Despite the attack, Avast Threat Labs indicated that Valve is generally solid in removing malicious mods by leveraging its own Steam gaming platform. The researchers also credited Valve for its quick response.