Well, that's pretty horrifying.
this post was submitted on 21 May 2026
477 points (99.4% liked)
Technology
84857 readers
3842 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
dad, that you?
Shouldn't Valve be scanning for these types of things!? The alarming part is that players had to find it
When I first published a game on steam, valve kept blocking it because I had checked "controller support" and they tested it and said it didn't work with controllers. I tried to find any controller that didn't work, asked a lot of people to test it for me as well, no issues whatsoever. Gave up and unchecked that option. Game got approved. Players used controllers just fine, I went back and checked it and never heard anything from valve again.
This appears to have originally been published as a totally different non-malware game. Either the original dev got their account taken over or turned heel, because the entire game was replaced with the malware game as an update to an existing game rather than a new published game.
I'm only speculating as I don't know much about the Steam publishing process, but I wonder if that helped the malware sneak past more rigorous checks which would happen on a totally-new upload.
Scanners are only going to pick up known "off the shelf" malware. They are never going to pick up something bespoke that the developers wrote themselves.
There are so many games on Steam and every dey a few hundred more are added. I assume there are automated checks and rudimentary malware scans in place but those aren't fault proof.
Couldn't they just put the malware in encrypted compression files that the game unpacks on the client end?
With the amount of games published every day, they can't. They should, but really can't. Either they keep it this way, or review each and every game under the Sun to find malware before they get published.
Maybe? Games are huge nowadays and looking through all of them will probably be impossible and not sure how well it'll prove? Google does that and there still are a lot of malware on play store.
That's the horror part. It's part of the immersion.
the simple solution would be to put every game into a sandbox by default
Every program ideally should be in a sandbox and if it wants permission to access something it should have to ask for it.
Kind of like Android or iOS.
Flatpak tries to accomplish this on Desktop, and it works, but isn't as comprehensive as something like Android or iOS.
On the extreme side, there is QubesOS, which runs every app in a dedicated virtual machine, including the networking stack.
I've never seen a flatpak prompt me for permissions. If it needs something it didn't have it just silently fails for me and I have to guess what permission it needed manually using flatseal. Is that normal or am I setup wrong?
That's normal.
Flatpak also doesn't ask for permissions. If an app requires a new one does it just add it upon update?
I believe so.
load more comments
(3 replies)
Is that what proton does on Linux?
No, that's just to make Windows programs/games run on Linux. But you can e.g. use the Flatpack version of Steam to Sandbox Steam and its games (https://docs.flatpak.org/en/latest/sandbox-permissions.html)
thanks, i didn't know that! i'll keep it in mind.
Only downside: Initially the creator of a Flatpack defines how it is sandboxed. For Steam it's rather permissive. It's not like on mobile where you get asked for permission for everything potentially dangerous/privacy invading, but rather like the earlier days on mobile where you install a Flatpack and implicitly allow all permissions it wants.
An update might change the permissions or introduce new ones. You can use tools like Flatseal to change the permissions of installed Flatpack apps, but keep in mind that those changes will probably be gone after the next update and can introduce problems.
In the end, sandboxing something like Steam is hard, as you not only need to think about Steam's permissions, but also any game you might run from it...
yeah personally i would be fine if it could access anything but my own personal files / the OS installation.
Those are my favourite type of game.
/s
Joke's on them. I just put games in my library and never install them.
And compaines wonder why we have trust issues.
Nothing's free in Waterworld.
When is valve removing windows 11?
When you buy a Steam Deck or Steam Machine.
They can't. It's not sold through Steam.
Isn't that exactly what SteamOS is doing?
"Valve removes free game"
What? Why are they removing free games??? Oooooh, they must want you to pick the paid games....
"after players discover it contains malware that steals your data"
Oh. Well that's a very good reason to remove it. Thanks Valve!
Yikes!
to be devils advocate, that is pretty scary.
Once wasm 64 bit deploys more, we should migrate as much as possible to it.
That at least will make it harder to access random files and keys from disk due to the sandboxing.
Sandbox escapes are still possible, but that’s an additional level of control we can enforce.
But it was a "feature"
They had to do one thing...
view more: next ›