A bug in GTA Online was exploited to ban and corrupt players’ accounts


Grand Theft Auto (GTA) Online players report losing game progress, having in-game money stolen, or being kicked from game servers due to suspected vulnerabilities in the PC version of the game.

GTA Online is a multiplayer spin on Rockstar Games’ popular action-adventure game series, originally released in October 2013 and expanded with new content through a free title update.

A new “remote code execution” vulnerability in the PC game client was reportedly exploited by the developers of the Grand Theft Auto V cheat “North” to remotely change the account attributes of players (including in-game players).

Grand Theft Auto

User reports indicate that the exploit can affect players who are not in the same multiplayer lobby as the attacker, leaving everyone vulnerable to attacks as long as they are online.

A North GTA Online cheat developer added these new “features” as part of his 2.0.

This suspected vulnerability has received a CVE and is tracked as CVE-2023-24059.

The developers of the North GTA Online cheat removed these rogue features on January 21st and apologized for the confusion they caused.

“Removed player’s bad sport/corrupt account (my poor judgment to add this to the public),” reads the Nord cheat changelog.

“Taking money from players (my judgment is poor on adding disclosure).”

Unfortunately, the reversal comes too late as the problem has already affected many gamers.

The Rockstar Games support forums have been inundated with reports of a user claiming there were issues with his account since the cheat’s release.

Not safe to play on a PC

Rockstar Games has yet to make an official statement on the situation, but developers and experts say the exploit is a “partial remote code execution bug” that not only affects GTA Online accounts, but It also claims that it can affect computer security as well. game run.

One Twitter user who follows Rockstar Games closely, Tez2, said that users should not play the game without firewall rules, or better not play at all.

A temporary fix for broken accounts that seems to work for some players is to delete the Rockstar Games folder from the Windows Documents folder and reload the game to update the profile data.

BleepingComputer has not tested this method, so use it at your own risk.

Speyedr, the developer of a custom GTA V firewall tool called “Guardian,” warns that attackers are trying to find code execution paths that are completely remote for newly surfaced exploits.

However, Speyer warns that Guardian must be properly configured to protect users from exploits, and advises Windows users not to play the game until the bug is fixed. “I would like to reassure everyone that the Guardian is still functional and this new exploit will not bypass the Guardian in any way,” Speyedr tweeted.

However, the chances of a user (especially a novice) accidentally setting up a guardian in an unprotected way is too high for such a dangerous exploit. ”

BleepingComputer has reached out to Rockstar Games to comment on these issues, but the game is still awaiting feedback from the publisher.

We recommend that you do not launch the game on PC until an official resolution to the Rockstar Games issue is found. Especially if you’ve made a lot of progress or spent a lot of money.