Since its inception, custom game modes have been a part of Dota 2. They're a way for players to create their own modified versions of the game, including spin-offs like Auto Chess, Overthrow, and Pudge Wars.
However, it turns out there was a huge security hole in them for about a year between 2022 and 2023, which allowed hackers access to players' computers through a backdoor.
The issue was resolved via a minor patch on January 12, but Avast Threat Labs, the company that first discovered and reported the threat to Valve, revealed shocking details.
According to their report, a hacker created four custom games—'entitled test addon pls ignore,' 'Overdog no annoying heroes,' 'Custom Hero Brawl,' and 'Overthrow RTZ Edition,' all of which were adaptations of popular modes.
The difference is that they exploited a vulnerability in V8, Google's open-source JavaScript and WebAssembly engine, in order to gain backdoor Dota 2 access.
Valve took care of everything as quickly as possible. They removed custom games, alerted affected players, and implemented new measures to prevent similar events from happening again in the future.
Custom games are safe to play, but it's still important to keep an eye on those that appear to be tampered with, since other security flaws may arise at any time.