The first-person shooter Counter Strike: Global Offensive has had a critical security vulnerability since 2019. Even after more than two years, this gap can still be exploited.
Invasion gate for malware
The security hole in the first-person shooter has not been closed to this day. In the process, the software company Valve was already made aware of this in 2019 by the discoverers of the vulnerability. Even though it is very well known that video games in particular have some vulnerabilities, these should also be closed when they become known. In most cases, these vulnerabilities do not pose a risk to the user’s own system, but rather license queries are bypassed or game states are manipulated. However, if a vulnerability allows access to the computer or the user’s own system, action must be taken.
Unfortunately, the open vulnerability in Counter Strike: Global Offensive can still be actively exploited. This way, criminals can infiltrate the system and reload further malware. It is enough for the victims to click on a Steam invitation, for example, to place an exploit. The injected malicious code then simply spreads like a worm throughout the victim’s system. Once the system is infiltrated, cybercriminals can exploit it for a variety of tasks, from crypto mining to DDoS attacks.
However, this does not seem to be of much concern to American software company Valve. The vulnerability is simply ignored so far. Thus, after all, the bug has been known for over two years and still no patch has appeared. Counter Strike: Global Offensive was first released in 2012 and still has a large number of active gamers today, so it would be urgent to act.
The company has already classified the vulnerability as critical, but does not attach much importance to it. In the meantime, some security researchers have also published reports on this to increase the pressure on the Valve Cooperation. It remains to be seen how the company will now react to this and whether it will hopefully work at full speed on a patch.
Until a bug fix is released, Counter Strike: Global Offensive players should only respond to Steam invitations from reliable sources and ignore all other invitations.