Users have reported that a fan-made game based on Sonic the Hedgehog contains malware.
The game, “Sonic Gather Battle,” was found by Discord user LJSTAR to contain DRM. If the player tries to run a cheat engine in a browser, it will close the browser. The game’s background will also turn blue and it will spawn red, invincible “ghosts.” LJSTAR said that the game at this point is “not unplayable.” Uninstalling and reinstalling won’t fix the problem.
If you go into the registry to try to remove things, the game’s background turns blood red with a static overlay and creepy yellow/red eyes popping in and out. The infamous boss theme from the US version of the Sonic CD soundtrack also plays. Ghosts appear and kill you nearly instantly. You can’t even pause the game to exit. Uninstalling and reinstalling simply returns it to the blue background glitch.
If the program is installed on the computer, you cannot search for the game’s name followed by “cheat,” “hack,” “mod,” or similar keywords on Google because the browser closes immediately. Doing this also activates the DRM protection.
LJSTAR also reports that you can’t share your save file from one computer to another because it causes the red background glitch on the other computer.
LJSTAR said that the only way to remove the DRM is to “talk to a specific person, prove him that you are innocent and it was a glitch, then he will talk with the creator which will white list your PC again.”
YouTuber SidAlpha adds that the game requires administrative permissions in order to run so that it can make changes to the operating system and the registry. He also said that the game uploads info to the cloud storage service OpenDrive, possibly to check a blacklist/whitelist maintained by the developer to disable or re-enable the game for individual users. The game also makes use of an API call for raw hard disk access in order to search for hack tools or cheat engines.
You can see the game’s DRM in action with YouTuber Sami’s video below:
Facepunch Forum member Testmega said that the supposed reason the DRM was implemented was because the creator was “super protective of his sprite edits to the point where he wanted to control who could and couldn’t play the game.”
People have shared similar experiences on Reddit. “Full web browser tracking, gather of PC information for personal use, scanning of files and programs, this [creator] has done it all,” said Reddit user ItsKiino. “All because he didn’t want people getting the sprites. It’s kind of scary what sort of software we implicitly trust on our computers as ‘unlikely to ever be a problem’ sometimes.” A user on BSPD95’s original thread writes that “instead of payment you give your computer’s info to this guy which isn’t right.”
The game, developed by a user known as Leemena Dan according to a video by BSPD95, uses sprite art from Sonic Battle on the Game Boy Advance. The game can either be played as a four-player fighting game reminiscent of Super Smash Bros or as a co-op sidescrolling beat-em-up. You can play as Mario and Megaman X in addition to classic Sonic characters.
The official Sonic game Sonic Mania was criticized when it released on PC with the unpopular DRM known as Denuvo. As Polygon reported, the DRM required players to maintain an online connection in order to play it. Hackers cracked the DRM days after the game launched on PC, according to the publication.
Back in September 2016, an update to Street Fighter V on PC added a secret rootkit that gives any installed application kernel-level privileges, according to The Register. Publisher Capcom claimed that the driver was used to stop players from hacking the game, but The Register reported that malicious software on the system could use the driver to take over the system. Capcom later patched the game to roll back the security measures.
According to Trend Micro, ransomware is a type of malware that prevents or limits users from accessing their computers unless a ransom is paid to the hacker.
If you have the game installed on your computer, SidAlpha recommends that you uninstall it, run a system restore back to the point before you installed the game, and then run a full virus scan.