BlueStacks Hack Could Cause Problems for PUBG Mobile Players

Update all the things!

Despite the “Mobile” moniker, PUBG Mobile can be easily accessed and played through a PC/Android emulator. It’s something we covered in a recent guide for those interested. But for those who chose our pick of the second best emulator BlueStacks – or just so happened to be using it for other games – you might want to update it. And by “might” we mean you really should.

Like seemingly any piece of software these days, BlueStacks has a very serious security flaw hidden deep within its code. The issue was revealed by the BlueStacks team in a post published to a Support page on its website. The issue plagues any version of BlueStacks that isn’t the newly released 4.90, meaning anyone with version 4.80 or below is at risk. It sounds like the issue has been present for a long time, but there’s no mention of how many times the flaw might have been exploited.

In the post, the BlueStacks team describes the hole as something that “exposes security vulnerabilities that are exploitable via malicious web pages”. Once a hacker exploits the security flaw, they’re able to abuse “exposed IPC functions”. According to Nick Cano, who initially reported the vulnerability, attackers can exploit the loophole to remotely execute potentially malicious code on an infected machine. Simply put, they can steal your information or even weaponize your PC for all manner of additional cyber attacks. To make matters worse, with BlueStacks being based on Android, they could further infect the machine by directly installing APKs (apps); and we’re probably not talking about a lone dev forcing their rival Battle Royale clone on you.

As with any vital security flaw like this, a CVSS Score has been put in place to measure the veracity of the issue. The base score of 7.1 might not sound too bad, but looking further down the scoring table reveals more concise and alarming details. The BlueStacks vulnerability scored “High” on Attack Complexity, and “Low” on Privileges Required.

Combined with the “High” Availability ranking, we’re looking at a potentially catastrophic hack that’s easy to pull off against millions of BlueStacks users. That being said, the likelihood of an attack taking place still seems relatively low given the need to fire up an infected webpage within the app to get the ball rolling. Now that the method has been revealed, however, there’s the chance more of these websites might spring up. It’s time to be very dubious of phishing attempts, so be wary of opening suspicious emails or chats within BlueStacks itself. Especially if you frequent the emulator’s forums.

This isn’t purely an attack on PUBG Mobile. Nor is it a reason to pivot away from playing the game on an emulator like Bluestacks (though we still recommend the Tencent Gaming Buddy if PUBG Mobile is your sole gig). Playing PUBG Mobile on an emulator makes sense for different people in different ways, and it’s a properly supported way to play the game. But what it isn’t – if you’re playing on BlueStacks 4.80 or below — is safe. if you play at an internet cafe, maybe let the admin know what’s going on.

Disclaimer: Fanbyte is owned by Tencent, which also runs Tencent Games, developer and publisher of PUBG Mobile. Tencent also subsidizes much of Fanbyte’s PUBG Mobile coverage by covering freelancer budget costs. Those covering PUBG Mobile for the site have no contact with Tencent, however, and are given complete creative control to write whatever they wish.