Dark Souls servers taken offline over hacking fears

There’s been trouble brewing over the weekend for players of the smash-hit Dark Souls series. PvP servers (player vs player) were temporarily shut down by the developers after a hack.

PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow the team to investigate recent reports of an issue with online services.
Servers for Dark Souls: PtDE will join them shortly.

We apologize for this inconvenience.

— Dark Souls (@DarkSoulsGame) January 23, 2022

Dark Souls says that PvP servers for console versions (PlayStation, Xbox) were not affected, and that it is a PC-centric issue. So what happened?

Harvesting digital souls

It all begins with a popular streamer playing a Souls game in PvP mode. You can view a recording of the stream here (warning: the language is not safe for work). The stream changes very unexpectedly. It switches from regular gameplay to a meme image which includes character Thanos and the words “oof my game crashed”.

On top of that, Text to Speech voice kicks in and begins a long ramble aimed at the streamer. You’ll also hear the incredibly confused streamer in the background, talking about seeing “powershell.exe” on their screen. This is, it has to be said, not a good sign.

Someone had gained control of his PC, mid-stream, to crash his game and autoplay the synthesised speech.

Dark Souls players have run into hacking related problems before, and, as a result, player-created tools like anti-cheat system Blue Sentinel are incredibly popular. Even so, it couldn’t help with this particular “attack” when it came to attention.

Spreading the word

The majority of information bouncing around the player base came from notices in relevant gaming Discord servers, like so:

Hey everyone, it’s come to our attention that a Remote Code Execution (also known as RCE) exploit has emerged for Dark Souls III on PC. This means that potentially malicious players connected to your game may be able to execute code by sending information to your game that directly affects aspects of your operating system. This can lead to sensitive information leaks, including but not limited to: installation of malicious programs such as keyloggers or viruses, theft of account information or login tokens, and access to other sensitive information such as banking info or other things that may be stored on your computer.

We’ve referenced the program Blue Sentinel, a community-made program that serves as a third-party anti-cheat in the past for issues like this; however, it has apparently been made known that RCE can bypass Blue Sentinel. For this reason, it is recommended that if you play Dark Souls III on PC, you may want to stay offline until a further development is made against this exploit. If you still really want to play online, know that there is still a risk of the aforementioned effects, and it would still be recommended to do some research into the Blue Sentinel mod to see if it can help with anti-cheat effects.

This rapid-response spread of information, along with the developers/publisher being made aware of it in public led to Sentinel being updated to ward off the RCE.

Do you need to worry about this?

Talk of remote execution is always scary. You don’t want someone potentially having the ability to do whatever they want to your system. However, the impact from this code-related shenanigan seems to have had an incredibly limited impact. That is to say, the one single streamer from the above video.

It’s claimed whoever first discovered the ability to do this tried to get the developer’s attention and disclose responsibly. It’s also claimed that they didn’t get very far. From a Reddit thread:

I’ll try and clear things up: A person who isn’t malicious discovered a new RCE method, and tried to contact From about it through multiple channels. They ignored him. In an attempt to raise awareness to it so that it would be fixed (as this is a SEVERE security flaw), he did a live benign showcase on stream. It didn’t “leak”. Nobody has it beside him.

If this is accurate, then it’s reassuring with regards to potential spread. At this point, there doesn’t appear to be any reports of it happening outside the gaming stream. Even so, someone could’ve conceivably discovered it separately. There’s also concerns upcoming title Elden Ring could be affected as it apparently shares a lot of code with the older games.

Either way, developer From Software is on the case and the issue is being addressed. More information will probably be revealed over the next few days. If you’re worried, playing offline and running Blue Sentinel is likely your best bet until the fixes are confirmed to solve the problem.

The post Dark Souls servers taken offline over hacking fears appeared first on Malwarebytes Labs.

Article Link: Dark Souls servers taken offline over hacking fears