Bandai Namco has halted the Dark Souls role-playing game's online PvP feature, taking its servers offline to investigate claims of a major security issue that may endanger players. According to Reddit user reports, the issue is a remote code execution (RCE) vulnerability that might allow attackers to take control of an affected system, letting them access sensitive information, plant malware, or use its resources for cryptocurrency mining.
According to the reports, the exploit is currently being disseminated, and it may also work against Elden Ring, an upcoming Bandai Namco title. On Saturday, a Discord post clarified that the game developer received details about the RCE vulnerability via a responsible disclosure report directly from the individual who identified it. Bandai Namco is said to have ignored the report, so, considering the gravity of the flaw, the reporter chose to demonstrate it on popular streamers to raise awareness and illustrate how critical it is.
The exploit was demonstrated on the Twitch stream of a player named The Grim Sleeper. An unknown entity launched a PowerShell script on the streamer's PC, which used the Windows Narrator engine to read out crucial notes about the gameplay.
"For example, the creator of the exploit has already shared information about the vulnerability with the developers of the Blue Sentinel plugin, a mod for Dark Souls designed to counteract cheats. And one can only guess who else could get this information," researchers wrote. "Also, once demonstrated, other hackers may try to replicate the exploit and use it to cause real harm to players," researchers continued. "There are various possible scenarios here: attackers can use it to steal passwords from game accounts or crypto-wallets, install good old ransomware, hidden miners and much more."
According to Saryu Nayyar, CEO and Founder of Gurucul, this attack highlights the vulnerability of remote workers accessing corporate resources via home networks and personal devices. Because we connect our gaming systems to the same network as resources connected to the corporate network, the virus can simply migrate from home to a much larger operation, she explained.
That is why, she added, it is vital for security teams to understand how users use network resources and to incorporate that knowledge into an evaluation of the risks and severity associated with attack campaigns. RCE vulnerabilities are not new, but they are hazardous when no one is aware of them, according to Jorge Orchilles, CTO of SCYTHE.