The Unity gaming platform is quietly rolling out a fix for a vulnerability that allows third-party code to run in Android-based mobile games, according to two anonymous sources.
The sources said the vulnerability primarily affects Android, but added that Windows, macOS and Linux systems are also affected to varying degrees, and that it affects projects dating back to 2017.
According to the sources, Unity has started to personally distribute fixes and standalone patch tools, but no public guidance is expected until next Monday or Tuesday.
Cointelegraph contacted Unity for more information, but did not receive an immediate response.
A Google spokesperson told Cointelegraph that they were aware of the vulnerability.
“Unity has made patches available to app developers to fix this issue, and developers need to update their apps immediately,” the spokesperson said.
“Google Play will help developers to release patch versions of their apps as quickly as possible. Based on current detections, there are no malicious apps exploiting this vulnerability in play,” they added.
Unity is one of the most popular game engines in the world
San Francisco-based Unity Technologies is behind Unity, the leading platform of tools for building and growing real-time games, apps and experiences across multiple platforms. According to the company, over 70% of the top 1000 mobile games and over 50% of new mobile games are made with Unity.

Harold Halibut: One of the latest games made with the Unity Engine. Source: Unity
Potential threats to crypto wallets
The source described the threat as “processing code injection,” but did not confirm whether the device could be taken over. However, sources said that under certain conditions, the path could escalate to a device-level compromise on Android.
Malicious code can “attempt overlay, input capture, or screen scraping” even without full device access.
How to protect yourself
Sources advise mobile gamers to update Unity-based games and to avoid sideloading, such as installing apps from unofficial or third-party app stores or downloading Android application packages (APKs) from websites.
Sideloaded apps are not screened by Google Play’s security system, so malicious actors can distribute modified versions of legitimate games that take advantage of the Unity flaw. Sideloaded apps also will not automatically receive security updates or patches if Unity releases fixes.
Users should also check their device’s permissions and disable unnecessary overlays or accessibility services that run during the game.
Finally, practice risk isolation: keep the crypto wallet on a different device or account from the one used for games.
This is a developing story, and more information will be added as it becomes available.