this post was submitted on 01 May 2025
85 points (98.9% liked)

Games

18805 readers
541 users here now

Video game news oriented community. No NanoUFO is not a bot :)

Posts.

  1. News oriented content (general reviews, previews or retrospectives allowed).
  2. Broad discussion posts (preferably not only about a specific game).
  3. No humor/memes etc..
  4. No affiliate links
  5. No advertising.
  6. No clickbait, editorialized, sensational titles. State the game in question in the title. No all caps.
  7. No self promotion.
  8. No duplicate posts, newer post will be deleted unless there is more discussion in one of the posts.
  9. No politics.

Comments.

  1. No personal attacks.
  2. Obey instance rules.
  3. No low effort comments(one or two words, emoji etc..)
  4. Please use spoiler tags for spoilers.

My goal is just to have a community where people can go and see what new game news is out for the day and comment on it.

Other communities:

Beehaw.org gaming

Lemmy.ml gaming

lemmy.ca pcgaming

founded 2 years ago
MODERATORS
nanoUFO@sh.itjust.works
85
How I Found Malware in a BeamNG Mod (lemonyte.com)
submitted 13 hours ago by Thomas2024 to c/games@sh.itjust.works
18 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] brsrklf@jlai.lu 36 points 13 hours ago (3 children)

This made me think, okay, this particular exploit uses malicious code in a mod that targets an old embedded chromium vulnerability, and can be fixed by updating the game's dependencies. This game started a dozen years ago, but it's still being worked on.

How many retro games that are not still in development could have vulnerabilities like that? Especially moddable games.

[–] PoPoP@lemm.ee 6 points 8 hours ago (1 children)

Another thing I think about sometimes is how games can be malicious too. The trend in PC gaming for a while now is "flavor of the month" where every couple months a huge breakout title comes out and everyone plays it for a few weeks.

The expectation from these games is that they run like shit despite being a fifth as graphically complex as a bigger budget game. What stops them from slipping a coin miner in for half a day at the peak of their popularity?

Schedule 1 for example. I love this game and I'm not accusing them of anything, just an example. Let's be honest. It runs at 100fps when it could run at 1000fps. Say the dev finally optimizes it, pushes the optimizations and a coin miner in a hotfix patch with no patch notes post on Steam. Six hours later the dev removes the coin miner and pushes that as a major patch with a patch notes release calling it the "optimization update" or something. We'd be none the wiser.

Don't take this as me saying not to support indie titles but it's a little weird that millions of people install untrusted closed source code from 1-3 devs all at the same time every couple months.

[–] brsrklf@jlai.lu 3 points 6 hours ago (1 children)

It could happen, but especially if the game has at least some popularity on a platform like Steam I expect someone more tech savvy than average would smell a rat and start looking, or ask around, and it'd be found out.

I don't know exactly how those work, but I imagine on top of weird CPU usage it would make very suspicious network calls too. There's always a guy that sees stuff like that and goes "where the fuck are my cycles and packets going?"

[–] PoPoP@lemm.ee 3 points 3 hours ago

Yeah you'd think, but when I worked in cybersecurity the thing that freaked me out the most is how often this just doesn't happen. It can happen immediately or it can take ages.

load more comments (1 replies)