CyberSecurity news

FlagThis - #unidentified

@The DefendOps Diaries //

Valve Removes Malware-Laced Video Game Demo from Steam

Valve has recently removed the video game "Sniper: Phantom's Resolution" from Steam after users discovered that its free demo contained infostealer malware. This marks the second instance in recent months where Steam has been exploited to distribute malicious software, raising concerns about the platform's security measures. The incident came to light when users on Reddit analyzed the demo and reported their findings.

The malware in "Sniper: Phantom's Resolution" follows a similar incident from last month involving a game called "PirateFi," which also turned out to be a malware plant designed to steal player passwords. These incidents emphasize the need for Steam to enhance its vetting process for game demos. Users are advised to exercise caution when downloading and installing content from the platform, ensuring they have up-to-date antivirus software and are vigilant about potential threats.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • infosec.exchange: NEW: Valve removed a video game from Steam after users reported that its free demo was actually an infostealer malware. Very similar thing happened last month with another video game laced with malware.
  • techcrunch.com: Valve removes video game demo suspected of being malware
  • The DefendOps Diaries: Steam's Security Challenge: Malware in Game Demos
  • CyberInsider: Steam Removes “Sniper: Phantom’s Resolution†After Users Find Malware in Demo
  • PCMag UK security: Steam Used (Again) To Trick Gamers Into Installing Malware
  • www.bleepingcomputer.com: Steam pulls game demo infecting Windows with info-stealing malware
  • bsky.app: Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware.
  • bsky.app: Steam has removed the demo of an upcoming game named "Sniper: Phantom's Resolution" for installing malware on user devices.
  • BleepingComputer: Valve has removed a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware.
  • bsky.app: Valve removes a game titled 'Sniper: Phantom's Resolution' from the Steam store following multiple user reports that indicated its demo installer actually infected their systems with information stealing malware.
Classification:
Lily Hay@WIRED //

Cybercriminals Steal Taylor Swift Tickets from StubHub

Cybercriminals have allegedly stolen over $635,000 worth of Taylor Swift concert tickets by exploiting a loophole in an offshore ticketing system. Two individuals, Tyrone Rose, 20, and Shamara Simmons, 31, have been arrested and charged with grand larceny and computer tampering. The scheme involved stealing URLs for nearly 1,000 tickets to various events, including Taylor Swift's Eras Tour, Ed Sheeran concerts, Adele concerts, NBA games, and the US Open Tennis Championships, before reselling them for substantial profit.

Between June 2022 and July 2023, Rose and Simmons allegedly stole the tickets through an offshore ticket vendor and then resold them on StubHub in the US for significant profit. Rose, an employee of Sutherland Global Services, a third-party contractor for StubHub Jamaica, is accused of abusing his access to the network to find a backdoor. Prosecutors say the pair stole the tickets by allegedly intercepting approximately 350 orders from StubHub. The investigation is ongoing to determine if the Swift ticket scam was part of a wider operation.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • WIRED: Cybercriminals Allegedly Used a StubHub Backdoor to Steal Taylor Swift Tickets
  • The Register - Security: Alleged cyber scalpers Swiftly cuffed over $635K Taylor ticket heist
  • The DefendOps Diaries: Cybercrime Exposes Vulnerabilities in Ticketing Systems: A Case Study
  • BleepingComputer: Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets
  • darkmarc.substack.com: Cybercriminals pulled off a massive ATM heist, hackers stole $600K in Taylor Swift concert tickets, and Mark Cuban made a bold move for laid-off tech workers. Instagram users were hit with a disturbing glitch, and Mozilla’s new terms sparked privacy fears. Here’s what happened this week.
  • www.techradar.com: Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
  • bsky.app: Cybercriminals Allegedly Used a StubHub Backdoor to Steal Taylor Swift Tickets
Classification:
  • HashTags: #TicketScam #TaylorSwift #CyberCrime
  • Company: StubHub
  • Target: StubHub
  • Attacker: Unidentified
  • Product: StubHub
  • Feature: Ticket Theft
  • Type: Hack
  • Severity: Medium

Posts

Blogs

Research Tools