Update: Arc System Works releases new BlazBlue update to stop security vulnerability in the game
This comes following Guilty Gear Strive getting hit with different hacking issues
Update: Arc System Works has now released a new update for BlazBlue: Central Fiction on Steam to close the security vulnerability that left players open to potential malware. You can find their statement and the original story below.
Players who enjoy themselves some BlazBlue: Central Fiction on Steam should probably be extra careful about who they match up against right now.
There are multiple reports circulating that hackers are allegedly targeting BlazBlue players with forced malware installation, which could severely compromise PC security.
According to said reports, there is currently an exploit in BBCF's online lobbies that can allow for someone to send a payload to another player, which is forced to download and run.
What this malware could potentially do to impacted users is still being explored, but Twitter user Pangaea has apparently gotten ahold of the malicious script for testing.
📢Announcement
— ArcSystemWorks (@ArcSystemWorksU) July 20, 2022
We have released a patch for the Steam version of "BLAZBLUE CENTRALFICTION" to resolve a vulnerability in the game system. Please update your game to the latest version.#BlazBlue pic.twitter.com/pQ5UWwcq4s
What has been discovered so far is this particular payload disables Microsoft's Defender firewall and replaces one of the game's scripts with a different one.
Even if this particular malware doesn't cause too much harm, an exploit of this level being open in BlazBlue opens the door for potentially much worse if the problem is not fixed soon.
Luckily, reports suggest that most firewalls and antivirus software will catch and block these attempted security breaches, but BlazBlue players should still proceed with caution online.
To any blazblue heads out there. Be careful 😔🙏 pic.twitter.com/4fXt2AePsA
— Yuso (@Yusoooo_) July 15, 2022
While most discussion of the alleged hackers is tied to Central Fiction's lobbies, there are conflicting reports as to whether players on ranked online are vulnerable to this happening as well.
There's currently no reports of this happening on BlazBlue: Cross Tag Battle, but considering both games were updated with new rollback netcode this year, it's probably best to play it safe their too for the time being.
more info on the BBCF payload through VT (on a premium account), we have some info about what the payload is doing, specifically:
— Pangaea (@Pangaea__) July 15, 2022
-disables MS Defender firewall
-deleting a file which was most likely the original powershell script that unpacks the DLL into the game pic.twitter.com/GXZrvLGOkE
This isn't the first time in recent weeks that Arc System Works fighting games have been the target of malicious online activity, as Guilty Gear Strive has also been facing issues as of late.
I don't know if others have been doing the same wrt GGST hackers but I have sent a detailed support ticket to @ArcSystemWorksU and I recommend you do the same so that this issue can be solved ASAP.
— アニャ Anya@Eorzea (@ban_anya) June 19, 2022
My game literally does not start anymore due to outside interference.
It's not the same as trying to install malware on your PC, but hackers have discovered a way to change a player's information in-game, which can cause them to be kicked from online servers or even potentially access their account / game.
BlazBlue's current situation feels eerily similar to the security exploit found in the Dark Souls PC ports, which forced From Software to take servers down, so hopefully Arc System Works is already aware of the issue and is working on a fix ASAP.
