How I Found Malware in a BeamNG Mod
How I Found Malware in a BeamNG Mod

How I Found Malware in a BeamNG Mod

How I Found Malware in a BeamNG Mod
How I Found Malware in a BeamNG Mod
I had the mod installed in the timeframe were it had the malware. Fuck me.
But what really pisses me off is that i read about it first here on lemmy. Not on the Beamng forums/repository, not in the game, not in the steam announcments of the game. Like you distributed malware over your platform and the policy of you fucks is just to stay silent? Meh.
Why would it be in-game or a steam announcement? The malware was in a mod, not the base game. Mod authors can't post game announcements. So, at best you get a comment of the workshop or on nexus.
Because Beamng runs their own mod repository which is even accessible ingame. This isnt about some random mod hosted on a randrom 3rd party site. This mod was released and distributed over servers and a services which Beamng as a company runs themselves. So reading a whole ass month after the incident my system and my passwords were potentially compromised fucking sucks. I'm not blaming them that the mod got uploaded. I'm blaming them that they made no attempts to publicly communicate: "yo, a mod containing malware got uploaded to our service and 3000 users downloaded it before we got informed that it was infected. If you happen to have downloaded the mod in x timeframe your system was likely compromised. Sorry yadda yadda"
Because it's supposed to reach affected users as quickly as possible, and a Steam/ingame announcement is the best way to do that? Slay The Spire made such an announcement when a popular mod was infected, and even though I didn't use that mod, I still appreciated the outreach and care.
Why are you acting like it's such a crazy idea to use broad announcement channels to reach all affected users?
This made me think, okay, this particular exploit uses malicious code in a mod that targets an old embedded chromium vulnerability, and can be fixed by updating the game's dependencies. This game started a dozen years ago, but it's still being worked on.
How many retro games that are not still in development could have vulnerabilities like that? Especially moddable games.
Another thing I think about sometimes is how games can be malicious too. The trend in PC gaming for a while now is "flavor of the month" where every couple months a huge breakout title comes out and everyone plays it for a few weeks.
The expectation from these games is that they run like shit despite being a fifth as graphically complex as a bigger budget game. What stops them from slipping a coin miner in for half a day at the peak of their popularity?
Schedule 1 for example. I love this game and I'm not accusing them of anything, just an example. Let's be honest. It runs at 100fps when it could run at 1000fps. Say the dev finally optimizes it, pushes the optimizations and a coin miner in a hotfix patch with no patch notes post on Steam. Six hours later the dev removes the coin miner and pushes that as a major patch with a patch notes release calling it the "optimization update" or something. We'd be none the wiser.
Don't take this as me saying not to support indie titles but it's a little weird that millions of people install untrusted closed source code from 1-3 devs all at the same time every couple months.
It could happen, but especially if the game has at least some popularity on a platform like Steam I expect someone more tech savvy than average would smell a rat and start looking, or ask around, and it'd be found out.
I don't know exactly how those work, but I imagine on top of weird CPU usage it would make very suspicious network calls too. There's always a guy that sees stuff like that and goes "where the fuck are my cycles and packets going?"
Mods that contain code always feel sketchy to me. How much can I trust whoever made this dll or such?
If you want extended mod support, you kinda need it though. Stuff like Minecraft and Rimworld come to mind.
Rimworld has very good official mod support that lets you do quite a lot with completely safe XML configuration files. But as soon as you want to deviate a bit from what the vanilla game allows, you'd have to code that and embed it as a DLL in your mod.
Almost all gameplay or UI mods are DLL mods or depend on one. Quick survey : I have about 250 DLLs from my active mod list.
Every mod that adds functionality can do everything the User can do, except when its sandboxed (for example factorio, TES without script extender). Its really a huge attack vector.