GTA Online bug exploited to ban, corrupt players’ accounts


Grand Theft Auto (GTA) Online players report losing game progress, in-game money being stolen, and being banned from game servers due to an alleged vulnerability in the game’s PC version.

GTA Online is the multiplayer spin of the popular action-adventure game series by Rockstar Games, initially released in October 2013, with new content being added to it through free title updates.

Reportedly, a new “remote code execution” vulnerability in the PC game client was abused by the developer of the ‘North’ Grand Theft Auto V cheat to remotely change player’s account attributes (like zero their money balance), corrupt accounts, and even ban players from the game.

According to the user reports, the exploit can impact even players not in the same multiplayer lobby as the attackers, so anyone, as long as they’re online, is susceptible to attacks.

According to a changelog seen by BleepingComputer, the North GTA Online cheat developer added these new “features on January 20th, 2023, as part of its 2.0.0 release.

GTA Online Cheat command list
Source: BleepingComputer

This alleged vulnerability has received a CVE and is being tracked under CVE-2023-24059. 

The developer of the North GTA Online cheat removed these abusive features on January 21st, apologizing for the mayhem it has caused.

“Removed badsport/corrupt account for players (bad judgement on my part for adding this public),” reads a changelog for the North cheat.

“Removed take money from player (bad judgement on my part for adding this public).”

Unfortunately, the reversal comes too late, as the issue has already affected many gamers.

The Rockstar Games’ support forums have been flooded by user reports claiming to have experienced account problems since the cheat’s release.

Rockstar Games support forums on Monday morning
Rockstar Games support forums on Monday morning
(BleepingComputer)

Not safe to play on a PC

While Rockstar Games has not issued an official announcement on the situation yet, developers and those in this space claim that the exploit is a “partial remote code execution” flaw and could extend to breaching not only GTA Online accounts but also the security of the computer running the game.

A Twitter user, Tez2, who closely follows Rockstar Games, stated that users should avoid playing the game without a firewall rule, or better, not play it at all.

A temporary fix for corrupted accounts that seems to have worked for some players is to delete the “Rockstar Games” folder from the Windows Documents folder and then reload the game to refresh profile data. 

BleepingComputer has not tested this method, so proceed at your own risk.

Speyedr, the developer of a custom GTA V firewall tool named ‘Guardian,’ has warned that attackers are on the verge of finding a complete remote code execution pathway for the newly emerged exploits.

However, Speyer warned that Guardian needs to be configured correctly to protect users against the exploit and advises that Windows users not play the game until the bug is fixed.

“Just to reassure everyone–Guardian still works, and this new exploit doesn’t somehow bypass Guardian,” tweeted Speyedr.

HOWEVER, the chance of any user (especially beginners) setting up Guardian incorrectly in a way that doesn’t protect them is too high for such a dangerous exploit.”

BleepingComputer has contacted Rockstar Games to comment on these issues, but we are still waiting to hear back from the game publisher.

Until there’s an official fix for the issues by Rockstar Games, it would be advisable to avoid launching the game on PC, especially if you have logged significant progress or have spent a lot of money on it.





Source link