Security advisory: Malicious Dota 2 mods spread malware via Steam

Avast’s threat researchers have identified malicious mods for the Dota 2 game on Steam that conceal a dangerous virus. The findings were reported by Portal via Sleep Computer. Avast Threat Labs detected four distinct mods that carry malware and are capable of executing arbitrary system commands. This backdoor enables an attacker to run any JavaScript code delivered over HTTP, granting the ability to both hide the exploit and modify it as needed. Researchers emphasize that this kind of vulnerability can persist quietly on affected machines, especially for users who do not regularly install updates.

The campaign leveraged a known vulnerability, CVE-2021-38003, which was addressed with a patch in October 2021. While Valve and platform operators acted to remove the infected modifications from Steam, a portion of players remain at risk due to irregular system updates and delayed patch application. The scope of the incident points to a broader pattern where popular game ecosystems can unintentionally become vectors for malware when security controls falter or user habits lag behind new threats.

Clear lines of responsibility emerged after Valve was alerted to the danger, leading to prompt removal of infected files from the Steam environment. The malware’s reach appeared substantial, with reports indicating close to two hundred users affected by the malicious changes. In many cases, the malware operates behind a seemingly legitimate interface, exploiting users’ trust in an established platform and a popular title to blend in with normal game updates and mods. This underscores the importance of verifying any third-party content before installation and maintaining a disciplined update regime across operating systems, drivers, and software.

The broader takeaway is that game communities, modding ecosystems, and distribution platforms must remain vigilant against modifications that introduce harmful payloads. Users should enable automatic updates where possible, review mod sources carefully, and consider using security tools that can detect unusual script activity or unexpected HTTP requests. Ongoing research and public reporting of such incidents help strengthen defenses and raise awareness among players who may not connect security concerns with everyday gaming activities. In the security community, the incident is a reminder that attackers continue to exploit legitimate software supply chains to reach targets, making proactive patch management and continuous monitoring essential. [Source: Avast Threat Labs] [Additional context: Sleep Computer]
