A Steam game has been accused of scamming its players and implementing malware onto their computers, according to several charges from prominent YouTube channels, installing Cryptocurrency mining software.
The game in question was Abstractism, which has since been taken down from the Steam page. It was found, through several comments and negative reviews of the game, that it contained some form of Trojan Virus as well as stolen assets from games such as Team Fortress 2. The assets were created to look like rare weapon drops from the game, but are instead used to scam TF2 players out of their own money.
Others have dug deeper into the scam and the game Abstractism, in particular, YouTube personality SidAlpha, who discovered that the files were installing a cryptocurrency mining software.
Crypto mining softwares, according to Eurogamer, are classified as "cryptojacking" from tech security website CSO. The purpose of this malware is to eat up CPU and GPU on an unsuspecting computer in order to "mine" more cryptocurrency from their data, so long as the program is open. This can cause damage to a computer's performance, higher electric bills and other problems if not checked. Cryptojacking malware is difficult to detect, but in this case, the malware would try to force the game itself, through its executable file, to stay open as long as possible to mine for cryptocurrency.
This ties into the developers intent of Abstractism. The developer, only known as Okalo Union, added the 'steamservice.exe' to the game on July 23rd, then announced that item drops for the game were available but were directly linked to playtime; the longer Abstractism is open, the more likely you will get a valuable item drop.
The developers also encouraged players to play the game on Fridays to allow the drop limit to reset. This is also considered a sign of this is cryptojacking according to CSO. In this case, it is giving the hackers time to collect hashes from a computer. Hashing, is taking an input string of any length and giving out an output of a fixed length. So effectively, the miners will be taking the hashes of what they mined from your computer, taking the data and calculate them for themselves, then return them to the unsuspecting computer to repeat the process.
Okalo Union has also been accused of cryptomining several times before this weekend, with them even responding to the accusation earlier this month by claiming that the game, a simple platformer using blocky shapes, was likely being run on high graphics settings to explain to excessive use of CPU and GPU. This, of course, contradicts the games own listing of low graphical settings, along with other evidence pointed out by SidAlpha and other Steam users.
The issue of malware off of a Steam game is coming at the heels of other problems with Steam as of late, most notably the lackadaisical response by Valve in regards to their new process for reviewing content on their platform, an issue raised earlier this year when several 'adult' games were removed from Steam without warning. Issues over the years have included multiple asset-flipped games, inappropriate games, and titles, and now, possibly issues of malware and viruses being laced into gaming software.
While Valve did not make a statement regarding Abstractism or Okalo Union, the game has been removed from Steam completely, after numerous reports flagged the game as being a crypto miner.
What are your thoughts on all of this? Should Valve tighten the restraints a bit? Leave your comments below.