WTF? Malware spreads via Steam chat

Steam malwareIf you are one of the many people enjoying playing games via Steam this holiday season, be wary of chat messages inviting you to click on a link.

Messages have spread between Steam users saying "WTF?????" linking to what appears to be a JPEG image file.

However, if you click on the link you will actually find yourself downloading a .SCR Windows executable file, containing malicious code.

Below you can see a screenshot of a malicious Steam conversation (details have been censored to protect the innocent), where a user eventually realises they had been compromised:

Steam chat

If you have seen a message similar to this then, in all likelihood, one of the contacts on your Steam friends list has had their computer infected by the malware and is spamming you and everyone else on their contacts list with the "WTF?????" message.

If you make the mistake of clicking on the link, and opening the downloaded file, your Windows computer could also become infected and your Steam credentials potentially stolen.

The problem of malicious .SCR files spreading across the Steam network is sadly not a new one. For instance, back in September researchers at MalwareBytes warned of the threat.

Presently, the VirusTotal service is only showing identification by a small number of anti-virus products, although it's worth bearing in mind that security solutions use a variety of technologies to protect computers - not just those elements checked by VirusTotal.

My advice? Be very careful about the links that you click on via Steam chat - even if they appear to have been shared by your online friends.

Thanks to reader Rikev for bringing this threat to my attention.

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

,

7 Responses

  1. Coyote

    December 29, 2014 at 6:56 pm #

    "My advice? Be very careful about the links that you click on via Steam chat – even if they appear to have been shared by your online friends."

    I would extend this by (ironically by extending the point I am shortening the sentence) removing 'via Steam chat'. And indeed it applies also to those you know. In truth it applies to those you know even if you requested it from them: what if they aren't aware of a problem, for example? In short: while it might be that it is what it seems, it also might not be. The problem then, is that some don't recognise all the variables (and to be fair, so many new things pop up over time, it makes it much more difficult to keep track of – it isn't just being aware, it is actually having the right type of thinking that is part of you).

  2. Micah Justice

    December 30, 2014 at 9:06 pm #

    Or… You could just mature, stop cussing like a teenager, and then your friends who know you don't curse, would see that link and KNOW you didn't sent it because language like that is below you. Ah I forgot… "Mature" is the worst rating… My how the world is twisted…

    • Macko de pako in reply to Micah Justice.

      December 31, 2014 at 8:02 am #

      Ah yes, when all teens start acting mature the same slang will be used as bait.

      Ah "slang", said by many that is "wrong", and to introduce new things to language even if "seen" as others as "rude" to be wrong, wwah, waah. As if we the same is held for Shakespeare, but no, Shakespeare is ART! Because.. well um, we see "art" in it… I suppose………

      Adults these days really need to pull their heads out of their asses, it seems as with all their experience, they still do not understand what language is, philosophically… well if you understand. Here's a tip.. words mean nothing, its the meaning you put forward. In other sense, it doesn't matter as long as communication isn't held back.

  3. Finnishgamer

    December 31, 2014 at 3:18 am #

    This is exactly what happened to me at Christmas-night. I lost over 300€ worth of Steam items. I have made a ticket to Steam Support but they havent answered so does any of you have experience about this kinda thing? Is there a way to get back my stolen items?

    • Anon in reply to Finnishgamer.

      December 31, 2014 at 12:58 pm #

      I'm thinking steam will probably be nice enough to give you the games back (their customer service is quite good)

  4. Shodan

    December 31, 2014 at 4:09 pm #

    I've been reversing a bunch of the malware that has been sent through steam. I'm thinking of doing a writeup soon about it. Most of them are pretty basic.

  5. bartblaze

    January 1, 2015 at 9:29 am #

    As an FYI, I had also blogged about this 2 months ago – including some recommendations on what to do if this happened to you. Read about that here:
    http://bartblaze.blogspot.com/2014/11/malware-spreading-via-steam-chat.html

Leave a Reply