Go Back   RGN - Reliable Global News > RGN Game News > MISC Games - Discussion

MISC Games - Discussion Gaming NEWS & Discussion of SP/MP Games not a topic elsewhere.

Thread Tools Display Modes

Malware Spreading via Steam Chats
Old 11-22-2014
RFMariano's Avatar
RFMariano RFMariano is offline
Site Owner - Administrator
Join Date: Aug 2006
Location: Florida, USA
Age: 75
Posts: 13,548
Rep Power: 188
RFMariano is a splendid one to beholdRFMariano is a splendid one to beholdRFMariano is a splendid one to beholdRFMariano is a splendid one to beholdRFMariano is a splendid one to beholdRFMariano is a splendid one to behold
Default Malware Spreading via Steam Chats

Malware Spreading via Steam Chats,
Gains Access to Inventory

By Carly Smith | 18 November 2014 12:10 pm

Image Source: OnyxHavok (Tumblr)

Be cautious of any URL shortener or else you could be downloading malware from friends and strangers on Steam.

Malware researchers are warning all Steam users to be aware of a .SCR (screensaver) file that appears harmless but will actually steal items from Steam users' inventories.

Security company Malwarebytes said once a computer is infected with the malware, the victim's session ID on Steam and inventory are at risk. In addition, the virus sends further messages to the victim's friends list. The message includes a link to what appears to be a photo. The URL is shortened through bit.ly, with IMG at the start of the full URL and a .SCR extension.

Christopher Boyd of Malwarebytes said, "Just because the name of the file says 'IMG' at the start doesn't mean it's actually an image file. The extension in these cases is the giveaway, and users of Steam should ensure they're not being set up for a harsh lesson in digital shenanigans."

Earlier in the week, Steam users wrote about the malware in the community forums.

Bart Blaze, a malware researcher at Panda Security, looked into the matter further. The link leads to a file on Google Drive and immediately downloads the .SCR file, a screensaver file, with a picture of a woman as the icon.

"Note that normally, the Google Drive Viewer application will be shown and this will allow you to download the .scr file," Bart Blaze wrote. "In this case, the string '&confirm=no_antivirus' is added to the link, which means the file will pop-up immediately asking what to do: Run or Save."

If you have downloaded the malware, you should first exit Steam immediately and open Task Manager and locate temp.exe, wrrrrrrrrrrrr.exe, vv.exe, or "a process with a random name, for example 340943.exe."

Scan your computer with the antivirus you use, and then scan again with a different one. After deleting the malware, change your Steam password and any other sites where you use the same password. You can also enable the visibility of file extensions.

As always be careful when clicking on shortened URLs, even when sent by a friend.

Source: Malwarebytes, Bartblaze



Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -4. The time now is 09:25 PM.

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.
Content Copyright RGN - Reliable Global News