- Multiple communities and Reddit moderators urge people to avoid launching Counter-Strike and Team Fortress 2 while Valve issues an official response
- Hackers could use a Remote Code Execute (RCE) to install malicious software on third-party users
- The temporary drop in player numbers might leave those still playing more exposed to the threat
A dated copy of the Counter-Strike and Team Fortress 2 source code has been leaked on a forum associated with hacking and other clandestine activities.
How Bad Is the Leak?
Valve’s source code for CS:GO and Team Fortress 2 leaked earlier today on 4chan, a community board known for its aggressive discussions and not entirely do-gooder focus.
Following the news, several developing communities have recommended that players avoid entering either game as it exposes them to vulnerabilities from third-parties.
According to experts, community creators, and people who have a better understanding of the engine, hackers may attempt to invade servers and put players at risk of having a third-party install a virus on your computer during online matches.
Do not launch TF2 under any circumstances, Remote Code Execution exploits have already been found which means you can receive a virus from simply joining a server with a cheater. This is not a drill.
— Heavy Update Out Yet (@HeavyUpdateOut) April 22, 2020
The leaked code is an older version of the source dated 2017/2018, but still poses a threat to regular players. Valve has made no comment on the latest developments yet. Communities such as Red Sun and Creators.TF have said that they would suspend all operations until the issue has been properly addressed.
Reddit moderators have also confirmed that avoiding participation in either of the two games would be best for the time being. Here is what Creators.TF’s tweet to the community said:
Due to the recent source code leak we will be closing our servers for the forseeable future. This is because of the uncertainty surrounding security of our infrastructure, as well as a potential for damage to be caused to your computer.https://t.co/gWcIKRMPdj
— Creators.TF (@CreatorsTF) April 22, 2020
The danger is for a nefarious third-parties to execute a Remote Code Execute (RCE) command and forcefully install a virus onto the computers of unwitting players. It’s possible for such an individual to backdoor any defense you have on your computer and install a malware or other malicious software since Steam doesn’t register as harmful installation.
Yet, joining a cheater’s server is not too difficult as it seems.
Hoping for the Best
While this is alarming, moderators urge people not to panic nor delete their Steam or game copies – not connecting to CS:GO and TF2 would be enough. Another source of relief is the fact that, while knowledgeable individuals can exploit the code, they are not very likely to get to many people.
Nevertheless, to avoid a repeat scenario of the Wannacry ransom scam, players should not launch either game, even if the chance to suffer an attack is small.
With the “panic” spreading, though, CS:GO and TF2 might see a dip in their momentum player base, leaving the remaining individuals more exposed.
Thumbnail image credit: Valve