The bug lies within Source itself, meaning any game utilizing the engine could be affected. This includes titles like Counter Strike: Global Offensive, Dota 2, Black Mesa, Left 4 Dead, and Portal 2.
Cyberpunk 2077 mods could give hackers access to your PCDell Latitude laptops get huge privacy upgradeHackers are upgrading Nvidia RTX 3080 GPU laptops — What you need to know
While the bug can theoretically impact any game using Source, the primary concern at the moment revolves around Counter-Strike: Global Offensive. Secret Club made a statement claiming that it can only verify this exploit existing in CS:GO, and are unsure which other Source games still have the issue. Regardless, it’s best to remain cautious when accepting an invite for any game that uses Source. The video above showcases this exploit in action. After accepting a CS:GO invite on Steam, remote code execution is initiated to open a calculator on the victim’s computer. This could be programmed to do something far more malicious, and a hacker could access your private information with it. In an interview with Vice, Secret Club founder Carl Schou claims that Valve’s work to fix the bug has been a “complete disappointment,” citing “low response times” and “little to no patches being pushed to production.” In the same interview, Florian (the first person to have discovered the exploit), commented on the severity of the bug, claiming that one infection is all that’s needed to begin a chain and affect all of the user’s friends. We recommend ignoring Steam invites from anyone until Valve patches the bug. Since friends can unknowingly be hacked and have their account taken over, you’ll never know who is and isn’t safe. Keep in mind, this bug is only present in Source, so accepting Steam invites for games like Valheim and Outriders should still be safe.
