Dark Souls exploit lets attackers take over your PC

Image:

Dark Souls exploit lets attackers take over your PC

A hacker hit a popular Twitch streamer to highlight the issue and draw developer attention

Japanese video game developer FromSoftware and publisher Bandai Namco have temporarily shut down the PvP servers for Dark Souls Remastered, 2, and 3, following the discovery of a critical security exploit. Attackers can use the flaw to run malicious code and gain remote access to players' PCs if they are playing online.

"PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow the team to investigate recent reports of an issue with online services," the team wrote on Twitter.

"Servers for Dark Souls: PtDE will join them shortly. We apologize for this inconvenience. This downtime does not affect PvP servers for Xbox or PlayStation consoles."

https://twitter.com/DarkSoulsGame/status/1485210967009071108?ref\\_src=twsrc%5Etfw

The exploit was discovered in Dark Souls 3 and seen in action during The__Grim__Sleeper's Twitch stream of Dark Souls 3 online.

In his case, the game randomly crashed towards the end, with a robotic voice belonging to Microsoft's text-to-speech generator criticising his gameplay.

The__Grim__Sleeper claimed that Microsoft PowerShell opened by itself, suggesting that an attacker used the programme to execute a script that triggered the text-to-speech feature.

But it appears that the hacker might not have had malicious intent.

A post on the SpeedSouls Discord claims the intruder responsible for the attack had known about the flaw for some time. The person tried to reach out to FromSoftware and draw their attention to the exploit, but the developer didn't respond.

The person began compromising streamers to highlight the issue, and it has certainly succeeded.

Users have shared Discord message in the Elden Ring subreddit stating that the remote code execution exploit could enable hackers to "steal your logins and banking information" and run malicious programmes like Bitcoin miners, although this could be hearsay.

Some players said the exploit could impact the upcoming game Elden Ring as well, which would be bad news for the highly awaited title.

"According to the people in discord this should be possible in Elden Ring too," one user wrote.

"Either From [the developers] fixes this or Elden Ring is doomed from the start."

As reported by The Verge, a representative for Bandai Namco thanked the posters on Reddit, stating that issue has been submitted to the relevant internal teams.

"Thanks very much for the ping, a report on this topic was submitted to the relevant internal teams earlier today, the information is much appreciated!"