Team Fortress 2 players may be vulnerable to RCE attacks after source code leak (updated)

Cal Jeffrey

Posts: 3,033   +814
Staff member

Update (4/23): Valve has been quick to respond and dismiss this as a risk to Team Fortress 2 or Counter-Strike players, saying the code leak took place years prior and there's no reason to be alarmed. Check out the full statement on the Twitter thread below.

It seems that the source code for Team Fortress 2 has leaked and has led hackers to develop a way to infect other players with malware. The source code appears to be from 2017 and 2018 versions of Counter-Strike: Source and Team Fortress 2, according to Steam Database.

A tweet from one TF2 fan indicates that remote code execution exploits have already been spotted in the wild. This allegation has yet to be confirmed, but if true, this poses a severe risk to players. An RCE attack can give a hacker full control over your computer or execute any code without the user's permission. Remote code execution is what the Wannacry ransomware attacks used that caused so much trouble as late as last year.

Combing through the forums reveals some who have played down the potential for harm. Reddit moderator Demoman claims that the source code is "old" and was initially leaked one or two years ago.

"It is unlikely but not impossible that security flaws such as RCE (Remote Code Execution) exist," Demoman writes. Furthermore, Neither Valve nor the Team Fortress 2 Twitter accounts acknowledge the leak or the alleged risks of RCE attacks.

Still, even though it has not been confirmed, the seriousness of the risk warrants extra caution when playing TF2, CS: GO, or potentially any other online Source games including Garry's Mod. Moderators on the TF2 subreddit are warning players to stay off servers or avoid the games altogether until an "all clear" has been issued — prudent advice considering the implications.

Permalink to story.

 

Puiu

Posts: 4,672   +3,542
TechSpot Elite
The only thing you need to do is not install weird mods or play on suspicious servers. And it seems this code is nothing new:

"We have reviewed the leaked code and believe it to be a reposting of a limited CS:GO engine code depot released to partners in late 2017, and originally leaked in 2018. From this review, we have not found any reason for players to be alarmed or avoid the current builds (as always, playing on the official servers is recommended for greatest security). "
 
Last edited:

mrvco

Posts: 124   +121
Is this why my favorite TF2 servers were lightly populated today? Regardless, the threat doesn't sound concerning... of course I only use my Windows machine for gaming.