Steam game accused of turning PCs into cryptocurrency miners
UPDATE: Valve offers replacement items for scam victims.
UPDATE 1/8/18: In addition to adding a warning pop-up for suspicious trades, Steam will now also require approval in order for a game to change its name.
The information was posted on a Reddit thread by Valve employee Tony Paloma, who's somewhat bizarrely named “Drunken_F00l” on the site. The reason for the change is to prevent games from scamming Steam users into buying fake items, which is what happened when the game Abstractism renamed itself Team Fortress 2 to sell a bogus rocket launcher.
According to Paloma, Valve has also promised to “restore and recover” any items that were lost due to the scam. Valve apparently hopes to make these refunds automatic. This was welcome news for the original victim, “Poor Asian Boy,” who thanked Valve for the “reassurance and response”.
UPDATE 31/7/18: Last night, Valve pulled the game Abstractism from the Steam store. In a statement to Kotaku, Valve explained it had "removed Abstractism and banned its developer from Steam for shipping unauthorised code, trolling, and scamming customers with deceptive in-game items".
But according to Steam code shared by Reddit users, Valve has also taken steps to actively prevent fake item scams via the Steam marketplace. The code shows a pop-up will appear should players attempt to trade for items in a game they have never played, with a warning saying: "This trade appears suspicious". In theory, this should prevent scams similar to the one seen in the Abstractism incident, where a player was tricked into buying an item that appeared to be from TF2, but actually originated from the Abstractism game.
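A sketch of the check described above, added here as an example; it is not Valve's code, and the data model, function names and app IDs are assumptions constructed for illustration. It keys the warning on the app that issued the item rather than on the displayed game name, because the displayed name is what Abstractism changed.

```python
from dataclasses import dataclass

# Constructed app IDs for illustration; not real Steam identifiers.
APP_TF2 = 1001
APP_ABSTRACTISM = 2002


@dataclass(frozen=True)
class TradeItem:
    app_id: int      # app that actually issued the item (assigned by the platform)
    game_label: str  # game name shown on the item (the part the developer renamed)
    item_name: str


def suspicious_items(incoming, played_app_ids):
    """Items issued by an app the recipient has never played."""
    return [it for it in incoming if it.app_id not in played_app_ids]


def label_check_only(incoming, played_game_names):
    """Weaker variant that trusts the displayed game name instead of the app ID."""
    return [it for it in incoming if it.game_label not in played_game_names]


def review_trade(incoming, played_app_ids):
    """Return the warning text if any incoming item is flagged, else 'ok'."""
    flagged = suspicious_items(incoming, played_app_ids)
    if not flagged:
        return "ok"
    detail = ", ".join(f"{it.item_name} (app {it.app_id})" for it in flagged)
    return f"This trade appears suspicious: {detail}"


# Constructed sample trade: one genuine item and one look-alike.
GENUINE = TradeItem(APP_TF2, "Team Fortress 2", "Australium Rocket Launcher")
LOOKALIKE = TradeItem(APP_ABSTRACTISM, "Team Fortress 2", "Australium Rocket Launcher")
INCOMING = [GENUINE, LOOKALIKE]

if __name__ == "__main__":
    # The recipient has played TF2 only.
    print(review_trade(INCOMING, played_app_ids={APP_TF2}))
    # The name-based check flags nothing, since both labels read "Team Fortress 2".
    print(label_check_only(INCOMING, played_game_names={"Team Fortress 2"}))
```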
ORIGINAL STORY 30/7/18: Steam has come under fire in recent months for opening its store to hundreds of decidedly dodgy games, and it seems this policy is once again hurting customers, as one game on the Steam store is reportedly turning players' computers into a cryptocurrency-mining botnet.
The offending game in question is called Abstractism - an indie which masquerades as a "trivial platformer" but seems to be doing something far more insidious. Multiple players have left negative reviews with screenshots showing evidence the game installs a Trojan virus "disguised as a steam.exe process" along with malware under the name "abstractism launcher". After seeing these reports, YouTuber SidAlpha investigated the game and found these viruses are likely installing cryptocurrency mining software. This presents a huge risk for players, as according to CSO, "cryptojacking" can damage computer performance, increase electricity bills, and even infect cloud infrastructure.
Although cryptojacking is notoriously difficult to detect, one of the clearest signs a computer is being used to mine coins is increased use of CPU and GPU, both of which have been reported by Abstractism's players. The game's developer, Okalo Union, has claimed this only occurs when players are using "high graphics settings", but this is inconsistent with the style of the game (a simple platformer) and the very low recommended settings listed for the game on its Steam store page.
SidAlpha has also highlighted that the developer's recent posting on "item drops" encourages players to keep the game running all day, which means the hackers can maximise their time using the game to farm cryptocurrency. On top of this, the post encourages players to be in-game on Fridays to allow the "drop limit" to reset. According to SidAlpha and CSO, this is yet another tell-tale sign of cryptojacking, as it gives the hackers time to collect "hashes" from the infected computers (solved problems required for mining coins).
One commenter on SidAlpha's YouTube channel bravely decided to test the theory by running Abstractism on a virtualiser. The user, called Mateus Muller, confirmed the game's use of CPU, GPU, RAM and IO was "consistent with what you would expect from a crypto miner," while the game also caused a "huge amount of network activity" that could be explained by the program downloading the blockchain.
And, if you needed further convincing, there's this screenshot taken by SidAlpha which shows the game devs admitted to using Abstractism for mining the cryptocurrency Monero. The comment has since been deleted, but the internet never forgets.
The game's crimes, however, appear to extend beyond cryptojacking. One Steam user also reported on backpack.tf they'd been scammed by a fake TF2 item dropped by the game. The screenshot shows Abstractism used TF2 artwork and text to create a fake listing for an Australium Rocket Launcher - an item which currently sells for over $100 on the Steam Community Market. The listing was clearly convincing enough to fool the scam's victim, who traded a high-value item only to receive the fake in return. Looking at Abstractism's item shop, the TF2 rocket seems to have since been deleted. Perhaps copying Valve's intellectual property for a scam was a step too far for the developer.
Eurogamer contacted Abstractism's developer for comment, and is yet to receive a reply.
Obviously, the fact Abstractism was able to be sold on Steam raises serious questions about Valve's process for approving games to be distributed on the platform. Valve recently stated in a Steam blog it would "allow everything onto the Steam Store, except for things that we decide are illegal, or straight up trolling," yet it seems they are failing even in this regard. Perhaps most worryingly, the offending game in this incident was hardly subtle: the poorly-hidden malware, the brazen attempt to scam with fake TF2 items, and galleries of Pepe and Putin memes should have set alarm bells ringing long before the game was ever made available to the public. Until Valve changes its current laissez-faire approach to maintaining its store, Steam users may fall victim to even more sophisticated scams, leaving customers to question whether they're actually safe on the platform.