Valve, the parent company of popular gaming marketplace Steam, redacted a nefarious indie game that allegedly deployed cryptocurrency mining malware on user computers under the guise of an interactive application.
Simple Game, Complicated Code
As reported by VG24/7 on July 30, 2018, the game, called “Abstractism,” forced a victim computer to dedicate computing resources to validating cryptocurrency blocks on the hacker’s behalf, in a process popularly known as “cryptojacking.”
Gamers further voiced concerns that the game’s developers created “fake” in-game collectibles, which would mysteriously disappear once payment was made.
Abstractism was released on March 15, 2018, by game developer Okalo Union and publisher “dead.team.” Despite the scientific name, the game itself is a simple interface in which players move blocks around a 2D space with ambient music in the background. The company described their game as a “trivial platformer,” considering only the “Game Over” prompt to be a unique feature for players.
However, the release itself contained several red flags to dissuade users before getting “crypto jacked.” For one, developers asked gamers to leave the software running even while not playing the game, promising digital collectibles in return.
While the game operated for over four months, YouTuber SidAlpha released a video on July 29, 2018, explaining the Abstractism scam.
Scam Crack Down
As stated, SidAlpha learned about the game after a fan revealed his ordeal. The latter purchased a $100 “golden rocket launcher” for use in Team Fortress 2 but quickly learned the item was meant for use on Abstractism, invariably getting scammed in the process.
After the information, SidAlpha quickly discovered other gamers calling out suspicious operational aspects of the game, such as triggered Windows Defender software, circumvented antivirus software, and most importantly, extremely high RAM usage for a game with simple functionality.
On further investigation, the gamers found out the source of all red flags was an embedded mining malware operation.
On July 23, 2018, dead.team released patch notes to defy any allegations of a malware, stating:
“Abstractism Launcher and Abstractism Inventory Service are not Bitcoin miner (and are not Monero miner too, honestly). These apps are required to connect to the Steam and grant items to your inventory.”
Seven days later, Valve removed the game from Steam, citing:
“We have removed Abstractism and banned its developer from Steam for shipping unauthorized code, trolling with content, and scamming customers with deceptive in-game items.”
The gaming behemoth did not comment on the game’s alleged mining code or reveal any cryptocurrency-related content.
Valve Policies Questioned
SidAlpha told Motherboard the company has zero policies or regulations on monetized in-game content, which leads to several scams and frauds in the domain. The gamer called out Abstractism’s collectible trading feature involving real money, emphasizing on how its developers could create the digital items infinitely.
While no formal figures on the attacker’s total haul are known, data collator Steampsy ascertain a total of 6,000 users have downloaded Abstractism.
Since the rise of illicit cryptocurrency mining, hackers are increasingly finding new tactics to avoid getting caught, with games seemingly becoming a new veil for attackers.
While other malware may work only during a users’ “active” hours, artificially showing “low” computing power usage, game-based miners could cause a user to attribute increased CPU functioning to the game itself, instead of an alien software.
Cover Photo by Daria Sukhorukova on Unsplash