Security News Beware of New Steam Spam Leading to Malware

Exterminator

Thread author
Password reuse and recent mega breaches are putting our daily Internet lives in danger, as a recent Steam spam campaign is proving.

Since last week, Steam gamers have been warning each other, via Twitter and Reddit, about a new spam campaign that tries to lure them to a site to download malware on their computers, which, in the end, allows crooks to take over their PCs.

Password reuse puts users at risk - again
This spam campaign begins with a hacker taking over a legitimate Steam account. This is possible today thanks to the large number of data breaches disclosed this year, many of which included cleartext passwords.

If Steam gamers haven't turned on two-factor authentication for their Steam accounts and have reused the same password on multiple sites, attackers can gain control over their accounts, and then use this newly found access to spam their friends with malicious links.

Since the messages come from a legitimate source, most users will click the link. In this recent spam campaign, the link leads to a website supposedly hosting a video of recorded CS:GO gameplay, for which the user needs to install Flash Player. Of course, this is a classic trick to fool gullible users into downloading a malware-laced file.

Malware installs NetSupport on all infected hosts
According to Lawrence Abrams of Bleeping Computer, in this particular case, users downloaded an executable that ran a PowerShell script, which installed the NetSupport Manager Remote Control Software.

NetSupport is a legitimate software package, similar to TeamViewer, which lets users connect to remote computers. In this particular case, the NetSupport package came pre-configured to connect back to the crook's server.

The attacker only had to authenticate on the server and take control of his latest victims' PCs.

Abrams recommends that Steam gamers check their computers for the presence of the %AppData%\lappclimtfldr folder. If they find it, they're probably infected.

Incidents related to Steam malware have been observed in the past. Security researcher Bart Blaze has witnessed this same tactic (spam-malware-NetSupport) used as far back as 2014.
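
The folder check Abrams recommends only covers the logged-in user when typed as %AppData%. The PowerShell sketch below is an added example, not part of the original article or of Bleeping Computer's write-up; it sweeps every profile on the machine for that folder. Only the folder name comes from the article. The function name and the assumption that profiles live under the system drive's Users directory are illustrative, and it needs an elevated prompt to read other users' profiles.

```powershell
# Added example: look for the folder named in the article under every
# local user profile, not just the current user's %AppData%.
$IndicatorFolder = 'lappclimtfldr'   # folder name taken from the article

function Find-IndicatorFolder {
    param(
        [string]$FolderName = $IndicatorFolder,
        # Assumption: profiles are in the default location (e.g. C:\Users).
        [string]$ProfilesRoot = (Join-Path $env:SystemDrive 'Users')
    )

    Get-ChildItem -LiteralPath $ProfilesRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # %AppData% resolves to <profile>\AppData\Roaming for each user.
            $candidate = Join-Path $_.FullName (Join-Path 'AppData\Roaming' $FolderName)

            if (Test-Path -LiteralPath $candidate -PathType Container) {
                $files = @(Get-ChildItem -LiteralPath $candidate -File -Recurse -Force -ErrorAction SilentlyContinue)

                # Report enough context to judge when the folder appeared.
                [pscustomobject]@{
                    Profile   = $_.Name
                    Path      = $candidate
                    Created   = (Get-Item -LiteralPath $candidate -Force).CreationTime
                    FileCount = $files.Count
                    Newest    = ($files | Sort-Object LastWriteTime -Descending |
                                 Select-Object -First 1).LastWriteTime
                }
            }
        }
}

$hits = @(Find-IndicatorFolder)
if ($hits.Count -eq 0) {
    Write-Output "No '$IndicatorFolder' folder found under any profile."
} else {
    $hits | Format-List
}
```

A clean result only rules out this one campaign's folder name; it says nothing about other NetSupport installations or later variants.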
 
