this post was submitted on 11 Aug 2025
175 points (97.8% liked)

Linux Gaming

20602 readers
229 users here now

Discussions and news about gaming on the GNU/Linux family of operating systems (including the Steam Deck). Potentially a $HOME away from home for disgruntled /r/linux_gaming denizens of the redditarian demesne.

This page can be subscribed to via RSS.

Original /r/linux_gaming pengwing by uoou.

No memes/shitposts/low-effort posts, please.

Resources

WWW:

Discord:

IRC:

Matrix:

Telegram:

founded 2 years ago
MODERATORS
monolalia@lemmy.world
175
What is stopping someone from creating a keylogger disguised as a typing game and uploading on Steam? (lemmy.umucat.day)
submitted 3 days ago* (last edited 3 days ago) by xavier666@lemmy.umucat.day to c/linux_gaming@lemmy.world
20 comments fedilink hide all child comments
 

I recently saw the game called "Bongo Cat" on Steam which monitors yours keystrokes and accordingly plays the bongo drums. I saw that it was not working properly on Wayland because it does not allow the game to record keystrokes from other apps.

This got me thinking; how does ~~Steam~~ Valve protect us from malware? I was searching for "steam games malware" on DDG and found out that there were a few incidents regarding this. I understand that Steam probably has a robust mechanism for understanding game behavior but it's kind of a black-box for us.

Is there any independent vulnerability checker for games? How paranoid should one be before downloading games from steam?

PS: I know that as Linux users, most attack vectors don't work for us but it's good to be aware just in case.

Edit: I need to clarify. I know Steam is just a game-launcher, it's not supposed to protect the user after the game is installed. I meant to say how does Valve protect the user from malicious games? Is their mechanism known?

you are viewing a single comment's thread
view the rest of the comments
[–] tal@lemmy.today 1 points 2 days ago* (last edited 2 days ago)

When you run a game, the game is allowed to monitor your input (up to some configuration), so you shouldn’t e.g. open a game and do online banking at the same time.

I mean, once you invoke a game once outside a sandbox, all bets are off from that point on. It can modify your environment to do whatever from that point on. Like, it could, oh, modify your ~/.bashrc to invoke some keylogger binary that it drops off somewhere in your home directory. Just closing the game isn't going to be a reliable mechanism for preventing malware in a game from dicking with the system after that point.