Security researchers have discovered four malicious Dota 2 game mods that were used by a threat actor to backdoor the players’ systems.
The unknown attacker created four game mods for the highly popular Dota 2 multiplayer online battle arena video game and published them on the Steam store to target the game’s fans, as Avast Threat Labs researchers found.
“These game modes were named Overdog no annoying heroes (id 2776998052), Custom Hero Brawl (id 2780728794), and Overthrow RTZ Edition X10 XP (id 2780559339),” Avast malware researcher Jan Vojtěšek said.
The attacker also included a new file named evil.lua that was used to test server-side Lua execution capabilities. This malicious snippet could be used for logging, executing arbitrary system commands, creating coroutines, and making HTTP GET requests.
While the threat actor made it very easy to detect the bundled backdoor in the first game mode published on the Steam Store, the twenty lines of code malicious code included with the three newer game mods were much harder to spot.
The backdoor enabled the threat actor to remotely execute commands on the infected devices, potentially allowing the installation of further malware on the device.
