Earlier this year, it became trendy to hijack browsers with cryptocurrency mining extensions typically based on Monero. After briefly being floated as a means by which legitimate, ad-supported websites could theoretically earn money other than advertising (a lovely idea, if practically difficult to implement), folks realized they could raise plenty of cash just by stealing CPU cycles from visitors without informing them it was happening in the first place.
Companies like Google eventually started cracking down on cryptocurrency extensions. While the practice undoubtedly continues, it hasn’t occupied the same headline space it was drawing a few months ago. Now, however, a game has been caught cryptojacking people — all while the developer backpedals and tries to take back their own statements.
Abstractism is a primitive-looking platformer game in Steam Early Access. As Eurogamer writes, users have flooded its forums with negative reviews after discovering that executables within the game folder are detected as malware. When confronted about this, the developer manages to completely deny and also admit to mining cryptocurrency.
That image is from July 23. Here’s a second shot from the same developer, published just one day later.
So, Abstractism doesn’t mine Bitcoin or cryptocurrency, except it absolutely mines Monero, a cryptocurrency. And the game is flagged by various virus scanners as containing two infected executables, not just one.
The developer has claimed that instances of high CPU usage are being caused by people setting their games to High detail. And as YouTuber SidAlpha noted, the patch notes pictured above claim that items drops are controlled solely by the time you leave the game running. How do you generate more cryptocurrency? You leave the damn program running. And the developer has also been caught distributing fake Team Fortress 2 items that sell for $100 or more on the Steam Community Market, presumably in a bid to entice users to leave the game running for longer and longer periods of time. The listing (now deleted after the fake award was publicized) used Valve’s item design and image assets in an attempt to make the item look more valuable than it was.
This reeks. It reeks like somebody put week-old tuna-haggis casserole in the office microwave, with a few dog turds tossed in for good measure. This is precisely the kind of behavior I was worried about when I slammed Steam for taking a hands-off approach to even technical questions of game curation earlier this summer. This is not a game. It has every indication of being an unrepentant cash grab designed to fake people into thinking they’ve gotten rare rewards they haven’t received with the goal of lining an unscrupulous developer’s pockets.
It’s precisely the kind of shameless thievery you’d expect a company with billions of dollars in annual sales to be capable of catching. Instead, more than a week after this story started building, Abstractism remains for sale on Steam. The company will presumably do something about it if consumers get angry enough. Whether that’ll extend to actually cracking down on this kind of behavior is anyone’s guess.
Fortnite Left Players Open to Account Hijacking, Voice Chat Eavesdropping
Security firm Check Point Software says Fortnite developer Epic Games had a major vulnerability in its system that could have allowed an attacker to play as the victim, purchase items, and even listen to the player's microphone.
Samsung, Pixel Users No Longer at Risk for Android Camera App Hijacking
The companies didn't know about the bug until earlier this year when researchers from Checkmarx alerted them. It's a good thing, too. This could have been a huge mess if someone exploited it in the wild.