Unknown hackers turned Steam accounts into malware distributors. Attackers hid malware downloaders in images of their accounts’ profiles. The vulnerability was discovered by a Twitter user with the nickname Miltinhoc.
The vulnerability was named SteamHide. As G Data analysts pointed out, the game service has actually become a platform for placing malicious files. Such methods of malware distribution have been known before, but no one has ever used game services like Steam.
Cybercriminals used Internet memes to spread viruses, in particular “Harold hiding the pain. At the same time, you don’t even need to have an account or install Steam to be infected with malicious software – all you need is to download an avatar on your PC.
Once activated, the hidden program disables all security features and then copies itself to the “LOCALAPPDATA” folder. Once saved, it is anchored in the system’s registry. The researchers specified that the malware hides tools that are not activated immediately, but can become dangerous in the future. How many computers are affected and how the vulnerability can be fixed is not specified. Valve declined to comment on the situation.