this post was submitted on 21 May 2026
334 points (99.4% liked)

Technology

84828 readers
3695 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
334
Valve removes free horror game from Steam after players discover it contains malware that steals your data (www.pcguide.com)
submitted 1 day ago by themachinestops@lemmy.dbzer0.com to c/technology@lemmy.world
53 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] teslekova@sh.itjust.works 6 points 4 hours ago (1 children)

Well, that's pretty horrifying.

[–] osanna@lemmy.vg 2 points 3 hours ago

dad, that you?

[–] BeUnique@lemmy.zip 10 points 11 hours ago (5 children)

Shouldn't Valve be scanning for these types of things!? The alarming part is that players had to find it

[–] BradleyUffner@lemmy.world 4 points 3 hours ago

Scanners are only going to pick up known "off the shelf" malware. They are never going to pick up something bespoke that the developers wrote themselves.

[–] rob_t_firefly@lemmy.world 3 points 3 hours ago

This appears to have originally been published as a totally different non-malware game. Either the original dev got their account taken over or turned heel, because the entire game was replaced with the malware game as an update to an existing game rather than a new published game.

I'm only speculating as I don't know much about the Steam publishing process, but I wonder if that helped the malware sneak past more rigorous checks which would happen on a totally-new upload.

[–] FireWire400@lemmy.world 18 points 11 hours ago

There are so many games on Steam and every dey a few hundred more are added. I assume there are automated checks and rudimentary malware scans in place but those aren't fault proof.

[–] bold_atlas@lemmy.world 6 points 10 hours ago* (last edited 10 hours ago)

Couldn't they just put the malware in encrypted compression files that the game unpacks on the client end?

[–] Hiro8811@lemmy.world 0 points 7 hours ago

Maybe? Games are huge nowadays and looking through all of them will probably be impossible and not sure how well it'll prove? Google does that and there still are a lot of malware on play store.

[–] GutterRat42@lemmy.world 30 points 19 hours ago

That's the horror part. It's part of the immersion.

[–] HAL_9_TRILLION@lemmy.dbzer0.com 33 points 20 hours ago* (last edited 20 hours ago)

Joke's on them. I just put games in my library and never install them.

[–] gandalf_der_12te@discuss.tchncs.de 87 points 1 day ago (2 children)

the simple solution would be to put every game into a sandbox by default

[–] scholar@lemmy.world 85 points 22 hours ago (2 children)

Every program ideally should be in a sandbox and if it wants permission to access something it should have to ask for it.

[–] defaultusername@lemmy.dbzer0.com 36 points 22 hours ago (2 children)

Kind of like Android or iOS.

Flatpak tries to accomplish this on Desktop, and it works, but isn't as comprehensive as something like Android or iOS.

On the extreme side, there is QubesOS, which runs every app in a dedicated virtual machine, including the networking stack.

[–] BradleyUffner@lemmy.world 2 points 3 hours ago (1 children)

I've never seen a flatpak prompt me for permissions. If it needs something it didn't have it just silently fails for me and I have to guess what permission it needed manually using flatseal. Is that normal or am I setup wrong?

[–] defaultusername@lemmy.dbzer0.com 1 points 3 hours ago

That's normal.

[–] LodeMike@lemmy.today 6 points 21 hours ago (2 children)

Flatpak also doesn't ask for permissions. If an app requires a new one does it just add it upon update?

[–] defaultusername@lemmy.dbzer0.com 1 points 20 hours ago

I believe so.

[–] hirihit640@sh.itjust.works 1 points 21 hours ago* (last edited 21 hours ago) (1 children)

I think either Bazaar or GNOME software center does tell you if an app asks for more permissions, I forgot which one though

[–] LodeMike@lemmy.today 1 points 21 hours ago

GNOME Software. That's not what I'm concerned about though.

[–] justlemmyin@lemmy.world 1 points 20 hours ago (1 children)

Is that what proton does on Linux?

[–] elvith@feddit.org 12 points 19 hours ago (1 children)

No, that's just to make Windows programs/games run on Linux. But you can e.g. use the Flatpack version of Steam to Sandbox Steam and its games (https://docs.flatpak.org/en/latest/sandbox-permissions.html)

[–] gandalf_der_12te@discuss.tchncs.de 1 points 19 hours ago (1 children)

thanks, i didn't know that! i'll keep it in mind.

[–] elvith@feddit.org 3 points 11 hours ago

Only downside: Initially the creator of a Flatpack defines how it is sandboxed. For Steam it's rather permissive. It's not like on mobile where you get asked for permission for everything potentially dangerous/privacy invading, but rather like the earlier days on mobile where you install a Flatpack and implicitly allow all permissions it wants.

An update might change the permissions or introduce new ones. You can use tools like Flatseal to change the permissions of installed Flatpack apps, but keep in mind that those changes will probably be gone after the next update and can introduce problems.

In the end, sandboxing something like Steam is hard, as you not only need to think about Steam's permissions, but also any game you might run from it...

[–] HertzDentalBar@lemmy.blahaj.zone 5 points 20 hours ago

Those are my favourite type of game.

/s

[–] DevoidWisdom@sh.itjust.works 63 points 1 day ago

And compaines wonder why we have trust issues.

[–] BoxOfFeet@lemmy.world 5 points 15 hours ago

Nothing's free in Waterworld.

[–] tehn00bi@lemmy.world 11 points 19 hours ago (3 children)

When is valve removing windows 11?

[–] Kolanaki@pawb.social 4 points 9 hours ago

When you buy a Steam Deck or Steam Machine.

[–] Chais@sh.itjust.works 4 points 10 hours ago

They can't. It's not sold through Steam.

[–] Warl0k3@lemmy.world 21 points 18 hours ago* (last edited 18 hours ago)

Isn't that exactly what SteamOS is doing?

[–] Lost_My_Mind@lemmy.world 11 points 19 hours ago

"Valve removes free game"

What? Why are they removing free games??? Oooooh, they must want you to pick the paid games....

"after players discover it contains malware that steals your data"

Oh. Well that's a very good reason to remove it. Thanks Valve!

[–] TryingToBeGood@reddthat.com 5 points 17 hours ago

Yikes!

[–] LapGoat@pawb.social 5 points 20 hours ago

to be devils advocate, that is pretty scary.

[–] panda_abyss@lemmy.ca 8 points 1 day ago

Once wasm 64 bit deploys more, we should migrate as much as possible to it.

That at least will make it harder to access random files and keys from disk due to the sandboxing.

Sandbox escapes are still possible, but that’s an additional level of control we can enforce.

[–] Gsus4@mander.xyz 1 points 20 hours ago

They had to do one thing...

load more comments
view more: next ›