The PvP servers for Dark Souls 3 have been shut down after a new exploit emerged which could let criminals execute malicious code on players’ computers.
A new security vulnerability, a remote code execution (RCE), has been spotted in Dark Souls 3; reported by Dexerto and in pinned threads by moderators on the Dark Souls 3 subreddit. The PvP functionality of the game has been suspended to protect users in response.
As of writing this article, it seems that the exploit plaguing the game is full-on malware that could cause serious and lasting damage to the players desktop. However, the hack is not yet out in the wild, meaning that other hackers do not seem to have access to it.
Kaspersky Home Security
Keep your online activity safe and private across multiple devices – without compromising speed.
Check out Kaspersky’s new security plans from just £10.99 per year
- £10.99 per year
It seems that only players who play online are at risk, with suggestions that it may affect Dark Souls, Dark Souls 2 and the upcoming Elden Ring game as well.
The exploit was actually caught on Twitch during The_Grim_Sleeper’s stream of the game. At the end of the stream the game crashes and a robotic voice, which originates from the Microsoft text-to-speak generator, starts to critique the gameplay from The_Grim_Sleeper.
The user then reported that Microsoft Powershell opened itself, which is a sign that a hacker used the programme to run the script that enabled the text-to-speech feature.
As a result, the servers have been shut down and players are encouraged to play in offline mode or with a Blue Sentinel patch.
Blue Sentinel is a community-made anti-cheat mod for the game and has now been patched against the RCE hole. This mod has been used to address similar, if not less dangerous, issues in the past.
However, some have suggested that the hacker was not being malicious and instead was trying to get the developers FromSoftware to notice the security hole.
The SpeedSoul’s Discord featured a screenshotted post that claims the hacker was trying to contact and report the issue but was ignored. As a result, the hacker started to use interrupt streamers playing the game to draw some attention to the problem.
Although the vulnerability may have been utilised in a harmless way (which has not been confirmed), if a bad actor caught wind of the RCE first, the outcome could have been more dangerous.
RCE is a serious vulnerability and allows hackers to run malicious code on the player’s computer, which can cause irreversible damage and even scrape personal information.
Dark Souls publisher Bandai Namco recently posted on Twitter, thanking users for reporting the issue.
This is not the first time Dark Souls has had issues in relation to hacking; in 2016, hacked items were being left in users games, with invaders corrupting save files.
Thankfully, FromSoftare and Bandai Namco seem to be addressing the issue, with the servers shutting down to protect players and an investigation taking place to better understand the issue.
Both company’s also noted that the shutdown will only affect those playing on PC, so PlayStation and Xbox players are free to continue.
It’s not clear when the servers will be back up, but keep your eyes peeled on Trusted Reviews as we’ll be updating this story as soon as more information comes out.