Players of the PC version of Grand Theft Auto (GTA) Online are alarming as a vulnerability has been discovered in the game that can lead to the loss of game progress, theft of game money, a ban and other unpleasant consequences.
Modders warn that an exploit for this problem will allow remote code execution through GTA Online, that is, hackers will be able to remotely launch malware on computers with a running game.
You might also be interested in reading about 5 Dangers of Cracked Games, or Goose Goose Duck Game Servers Are DDoS-Attacked Every Day.
One of the first to report the vulnerability was the Tez2 Twitter account dedicated to Rockstar Games games. According to him, a lot of GTA Online players complain about the loss of progress, bans and kicks that they had to deal with recently. The Rockstar Games support forums are indeed inundated with numerous user reports of account issues.
Tez2 strongly advised all users not to play without a firewall, and also said that the developers are already aware of the problem and are working on a solution.
Shortly thereafter, the issue was posted in a pinned post on the GTA Online subreddit. There, users were advised not to enter the game at all until the developers of Rockstar Games release a patch, since an exploit for a dangerous vulnerability is already available on the network. On Reddit, they emphasize that even a single mode can pose a security risk, and the exploitation of a bug can lead to “damage” to an account, after which it will probably only be left to start a new one.
Bleeping Computer reports that cheat developer North GTA Online appears to be responsible for this commotion, adding new “features” related to the vulnerability to its product on January 20, 2023 (as part of version 2.0.0). Also, according to journalists, the vulnerability has already received the CVE identifier and is being tracked as CVE-2023-24059.
At the same time, the developer of North GTA Online states that he got rid of dangerous functions the very next day, January 21, and apologizes to everyone for the unexpected chaos that this provoked. According to him, it was a mistake to make public functions related to removing money from players and damaging accounts.
Although representatives of Rockstar Games have not yet commented on the incident, modders and experts claim that the exploit for this vulnerability is associated with “partial remote arbitrary code execution”, that is, it can lead not only to hacking GTA Online accounts, but any computer on which game started.
According to Tez2, a workaround for owners of already corrupted accounts could be used to delete the Rockstar Games folder from the Windows Documents folder and then restart the game to update the profile data.
In turn, Speyedr, the developer of the well-known custom firewall for GTA V called the Guardian, warns that attackers are already “on the verge of discovering” a way to completely remotely execute code through GTA Online.
Speyedr emphasizes that the Guardian is still running, and the exploit cannot bypass it, but the firewall needs to be properly configured so that it can protect users from exploiting the vulnerability. For this reason, the developer has temporarily removed the Guardian files from GitHub and urged all Windows users to stay away from GTA Online until the bug is fixed.
It must be said that this situation resembles the incident with the RCE vulnerability in Dark Souls, due to which the developers of Bandai Namco were forced to shut down the multiplayer servers of the Dark Souls series for almost half a year.