Hackers found a way to breach an unsuspecting victim's computer security through something as innocuous as a Steam invite. Valve has yet to patch the bug, even though non-profit reverse-engineering group Secret Club claims the company has known about it since 2019. Secret Club also claims that Valve is not allowing the organization to publicly disclose this information.
The bug lies within Source itself, meaning any game utilizing the engine could be affected. This includes titles like Counter Strike: Global Offensive, Dota 2, Black Mesa, Left 4 Dead, and Portal 2.
- Cyberpunk 2077 mods could give hackers access to your PC
- Dell Latitude laptops get huge privacy upgrade
- Hackers are upgrading Nvidia RTX 3080 GPU laptops — What you need to know
While the bug can theoretically impact any game using Source, the primary concern at the moment revolves around Counter-Strike: Global Offensive. Secret Club made a statement claiming that it can only verify this exploit existing in CS:GO, and are unsure which other Source games still have the issue. Regardless, it's best to remain cautious when accepting an invite for any game that uses Source.
The video above showcases this exploit in action. After accepting a CS:GO invite on Steam, remote code execution is initiated to open a calculator on the victim's computer. This could be programmed to do something far more malicious, and a hacker could access your private information with it.
In an interview with Vice, Secret Club founder Carl Schou claims that Valve's work to fix the bug has been a "complete disappointment," citing "low response times" and "little to no patches being pushed to production." In the same interview, Florian (the first person to have discovered the exploit), commented on the severity of the bug, claiming that one infection is all that's needed to begin a chain and affect all of the user's friends.
We recommend ignoring Steam invites from anyone until Valve patches the bug. Since friends can unknowingly be hacked and have their account taken over, you'll never know who is and isn't safe. Keep in mind, this bug is only present in Source, so accepting Steam invites for games like Valheim and Outriders should still be safe.