Key takeaways
- Valve removed Beyond The Dark after malware allegations surfaced.
- The malicious payload allegedly stole passwords, browser data, and crypto wallet information.
- Attackers reportedly hijacked an existing Steam game instead of publishing a new one.
- The malware hid inside a modified UnityPlayer.dll file.
- Anyone who installed the game should run antivirus scans and change passwords immediately.
Long ago when Linux was a complete underdog (0.001% of users or something) it was touted as being vastly more secure than Windows, and that was probably true. But, convenience always battles with security in adverse ways, and Steam does aim to be very convenient.
I remember for a time any Xbox-app game would prop up a UAC permissions dialog each time you’d newly installed a game. Those apps are also un-moddable due to package signing. It was very annoying, but part of me thought “…Theoretically, Steam should be doing at least something like this.”