Avast WEBforum

Other => Viruses and worms => Topic started by: JayRI on October 03, 2022, 03:41:36 PM

Title: My Steam/Unity game is being marked suspicious?
Post by: JayRI on October 03, 2022, 03:41:36 PM
Hi,

I'm the developer for a PC Steam game "Airship: Kingdoms Adrift" (here: https://store.steampowered.com/app/1597310/Airship_Kingdoms_Adrift/)

Users in my community have been reporting that our game is marked by Avast as a suspicious file, even though it was packaged and compiled by Unity. The screenshot is below:

(https://media.discordapp.net/attachments/830353955132669963/1026473906829271040/unknown.png?width=1202&height=676)

Please help check this out and see what we can do to avoid this in the future.

Thank you!

Title: Re: My Steam/Unity game is being marked suspicious?
Post by: Pondus on October 03, 2022, 04:32:45 PM
Quote
Please help check this out and see what we can do to avoid this in the future.

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Title: Re: My Steam/Unity game is being marked suspicious?
Post by: DavidR on October 03, 2022, 05:57:33 PM
@JayRI
Is the file digitally signed? That may help.

From your screenshot, this file has been sent to the Avast Threat Labs, where it could well be considered a False Positive.

Though it didn't trigger a full malware alert. Did there happen to be any more information in the "See details" option in your screenshot?

Does this file/game include any anti-cheat function?
The reason I mention this is that it could well trigger suspicion of what it is trying to do.

Title: Re: My Steam/Unity game is being marked suspicious?
Post by: polonus on October 04, 2022, 03:50:36 PM
Hi JayRI,

It is not necessarily the software as such that is being flagged;
it could well be the IP that it is being served up from.
See -> https://sitereport.netcraft.com/?url=https://23.194.105.162
with a nine out of ten (red) risk rating,
so it may well be Akamai-server related.

However, it is neither detected nor flagged at VT:
https://www.virustotal.com/gui/url/cbb9039851a03f0c6a2c09a9c9a42d1283d928d4d6d695c54dde22a74cc18f3a/details
nor is it flagged here: https://www.virustotal.com/gui/ip-address/23.194.105.162/relations

Well, probably the Akamai server's missing security headers are being flagged as an issue;
see the overall CSP status, with a meagre D-status scan result, here: https://securityheaders.com/?q=https%3A%2F%2Fstore.steampowered.com%2Fapp%2F1597310%2FAirship_Kingdoms_Adrift%2F

Wait for a final verdict from Avast team members, as they are the only ones who can come and unblock it,
as these are their definitions.

We here are just volunteers with relative knowledge in the field of cold recon and error-hunting website security.

polonus (volunteer 3rd-party cold reconnaissance website security analyst and website error-hunter)