It's not the first time it has happened, and it likely won't be the last unless Valve implement some more security checks, but recently a few games tried scamming players by renaming themselves to other popular games.
I've seen this a few times now, although it's suddenly coming into focus again because the games being imitated were current massive smash-hits.
The CEO of developer Arrowhead and the Helldivers 2 Creative Director wrote a post on X noting that they were aware of store dupes posing as Helldivers 2. There was also a post on X from the Community Manager at Pocketpair, developer of Palworld, who spoke about the recent fakers imitating Palworld. They've now been removed and hidden from the Steam store, but thanks to SteamDB we can go back and look.
A game that was previously called DO NOT SMILE renamed itself to Helldivers 2 and even changed the publisher and developer to match. It's especially nefarious because the now-hidden Steam page clearly looked like it was Helldivers 2. They even copied some of the recent news posts. Another game, Figurality, did the exact same thing. Then there's the game Stolen Mushrooms, which attempted to be Palworld. There may be others, but those are the ones I could find quite easily as examples.
As you can see above from the shot of SteamDB, the developer changed basically everything they could to make it seem like their game was Helldivers 2. And when you look at the store page (hidden, but it still exists), it certainly would look like Helldivers 2 if you weren't properly clued up.
Of course now there's no purchase button since it's been hidden, but you get the idea. The Wayback Machine archive shows it did have purchases available before being hidden by Valve.
It seems it's quite easy to do, as apparently Valve don't have checks in place against this. I've reached out to Valve to see if they have any comment to share on what they will do in future to protect developers and customers from scams like this. Quite a concerning issue.
Lol, and what were they counting on? That Valve would just send them the payout without a second thought? I doubt the payments are automatic and if they were, then I'm pretty sure they no longer are, at least for the small devs/games.
I'd be more worried about what sort of malware may have been included in the download.
Reminds me a bit of the recently reported issue of forking attacks on GitHub.
Lol, and what were they counting on? That Valve would just send them the payout without a second thought? I doubt the payments are automatic and if they were, then I'm pretty sure they no longer are, at least for the small devs/games.
Payouts to developers are made once a month and only if it's over $100. So yeah, Valve is probably going to refund some people.
Last edited by akselmo on 1 March 2024 at 2:42 pm UTC
I had someone post a game I made (it's free on itch.io) to Steam. This happens probably way more often for us small name hobbyists and indies, so make sure to double check especially if you see a small game that it's uploaded by the right person.
This is what I was trying to bring up about the Ur-Quan Masters being made available on Steam. I'm sure it's happened in the past, and will happen in the future, that people just take other people's games, or open source engines, etc, and sell them on Steam. It's also kind of the equivalent of people selling the hard drives or SD cards filled with ROMs and RetroArch on eBay...
I see a simple fix that shouldn't cause too much trouble for anyone: have any "Store name" changes require manual approval. That's not something that should legitimately need to be changed very often, so it shouldn't unduly burden Valve employees, and it won't matter that the description, screenshots, etc. can be changed if the name remains the same. It's a little odd to me that it can be changed at will right now.
Apply a fee for name changes and the burden goes away fully (as would probably the scam attempts).
Lol, and what were they counting on? That Valve would just send them the payout without a second thought? I doubt the payments are automatic and if they were, then I'm pretty sure they no longer are, at least for the small devs/games.
I'd be more worried about what sort of malware may have been included in the download.
Reminds me a bit of the recently reported issue of forking attacks on GitHub.
This could actually be the start of something worse, like Steam and open source taking a reputation hit. Sounds like a conspiracy theory but then again if there was no malware along with no payout then it seems more likely. (They could just be dumb.)
This could actually be the start of something worse, like Steam and open source taking a reputation hit.
Steam, maybe (though I personally doubt it), but how would anyone connect this to open source? Steam isn't open source. It wasn't even a security issue, just bad actors abusing normal functionality in unforeseen ways (though hopefully the fact that it happened will cause Valve to make some changes to prevent it happening again).
a) Event: name of the game is changed -> does the name already exist in another game? Or one that is at least a close match? -> Lock page and send for manual check.
b) Event: The game page is revised -> Analyse the game page. Calculate hash values that can be compared for similarity. If there is a certain similarity value with another website -> block the change and send for review.
c) To make b) even better -> in addition to a value for the entire website, create sub-values for parts of the page -> if there are too many similarities -> block the page and send it for manual review.
In order not to penalise game providers in the event of justified changes, the previous version of the page is displayed until the manual check has been completed. The title can then be sold on in the event of a "false positive".
All correct and legitimate changes could then be made automatically as before.
Last edited by KuJo on 4 March 2024 at 10:23 pm UTC
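The checks proposed in the comment above (a name-change check, then whole-page and per-section similarity), sketched as an added example that is not part of the original thread and not Valve's code. The catalogue, app ids, thresholds and page text are constructed, and Jaccard similarity over word shingles stands in for the "hash values" the comment mentions.

```python
import difflib
import re
import unicodedata

# Constructed catalogue of existing store names (app id -> title); the ids are made up.
CATALOGUE = {1001: "Helldivers 2", 1002: "Palworld"}

def normalize(name):
    """Fold case, compatibility characters and punctuation before comparing names."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    return re.sub(r"[^a-z0-9]+", "", folded)

def name_check(app_id, new_name, catalogue=CATALOGUE, threshold=0.85):
    """Check a): exact or close match with another game's name -> manual review."""
    candidate = normalize(new_name)
    for other_id, title in catalogue.items():
        if other_id == app_id:
            continue  # a game is allowed to keep or lightly edit its own name
        score = difflib.SequenceMatcher(None, candidate, normalize(title)).ratio()
        if score >= threshold:
            return "manual_review", title
    return "auto_approve", None

def shingles(text, k=3):
    """Overlapping k-word windows; these stand in for the comment's 'hash values'."""
    words = re.findall(r"[a-z0-9]+", text.casefold())
    if not words:
        return set()
    return {tuple(words[i:i + k]) for i in range(max(len(words) - k + 1, 1))}

def jaccard(a, b):
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa | sb else 0.0

def page_check(new_page, other_pages, threshold=0.6, max_hits=2):
    """Checks b) and c): compare each section of a revised page with other games' pages."""
    for title, page in other_pages.items():
        hits = sorted(s for s in new_page
                      if s in page and jaccard(new_page[s], page[s]) >= threshold)
        if len(hits) >= max_hits:
            return "manual_review", title, hits
    return "auto_approve", None, []

# Constructed page text, not copied from any real store page.
ORIGINAL = {"description": "Fight for freedom across a hostile galaxy with your squad",
            "news": "Patch notes for the latest update are now live for all players"}
REVISED = dict(ORIGINAL, screenshots="eight images")

if __name__ == "__main__":
    print(name_check(2001, "HELLDIVERS™ 2"))           # name collides with app 1001
    print(page_check(REVISED, {"Helldivers 2": ORIGINAL}))
```

A "manual_review" result corresponds to the comment's lock-and-review step, during which the previous version of the page would stay on display.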