“And one can only guess who else could get this information.
“For example, the creator of the exploit has already shared information about the vulnerability with the developers of the Blue Sentinel plugin, a mod for Dark Souls designed to counteract cheats,” they wrote. That doesn’t mean that the bug won’t be abused at some point, Kaspersky pointed out. In addition, if you haven't already everybody and their mother can recommend the Blue Sentinel mod It's highly suggested to NOT PLAY ONLINE DARK SOULS 3 in it's current state. Since they hadn’t heard back, they decided to hijack a popular streamer during a streaming session.
Whoever’s behind the attack apparently had benign intentions: According to a screenshotted post on the SpeedSouls’ Discord – a group focused on speedrunning, or playing video games as fast as possible – they were just trying to bring attention to the problem after having not heard back from the game’s developers about the vulnerability.
In that stream, an unknown party launched a PowerShell script on the streamer’s computer that used the Windows Narrator engine to read out critical notes about the gameplay. There’s a demonstration of the exploit in the Twitch stream of a player named The_Grim_Sleeper. “This could brick your PC, let your login information be shared or execute programs in the background, like a trojan horse.”
“On PC there is a new, very serious exploit plaguing Dark Souls 3 which can cause lasting damage to your computer,” SkeleMann explained.
The danger was brought to light on Saturday, when game fan SkeleMann urged players to steer clear of playing Dark Souls 3 online. Servers for Dark Souls: PtDE will join them shortly. PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow the team to investigate recent reports of an issue with online services. On Sunday, the developers said that the bug is only relevant for PC users and that Xbox and PlayStation consoles are unaffected. This same bug is reportedly an issue in the Elden Ring game. PvP refers to players being able to interact and duel with each other. The main problem is with Dark Souls III, but the remote code-execution (RCE) vulnerability also affects earlier games in the Dark Soul series, leading the developers to temporarily turn off player-versus-player (PvP) servers across Dark Souls Remastered, Dark Souls II and Dark Souls III. The flaw could allow attackers to do pretty much anything: As Kaspersky researchers explained on Monday, the bug “allows an attacker to execute almost any program on the victim’s computer, so they’re able to steal confidential data or execute any program they wish” – that includes installing malware, letting them access sensitive information or enabling them to rip off resources for cryptocurrency mining. There’s a dangerous remote-code execution (RCE) bug in the Dark Souls video game that could let attackers brick the PCs of online players.