Several alerts have been made on various online gamer communities that compromised. Steam accounts have been used by hackers to distribute malware code.
Be Careful with Steam Chats to Avoid the Malware
Steam gamers are warned. A Reddit user with the nickname Hayaddict has alerted the Steam users on the community that hackers have used compromised accounts to deliver spam messages containing malware. This is done by the application’s chat function, the principal tool for communication between users.
The hacked accounts send links to target victims that contains links to the malicious address videomeo.pw. When the computer user clicks on the link, they are presented with a window pop-up that requests the download of a “Flash Player Update” to watch a video. This is actually the malware Trojan that is installed on the victim system.
The threat executes a PowerShell script called zaga.ps1 which downloads an archived file, a CMD script and a zip extractor from the zahr.pw remote server. When all components are downloaded the shell script launches the CMD binary file. This extracts the sharchivedmngr to the %APPDATA%\lappclimtfldr location. The malware threat is not detected by most security solutions as it is downloaded by the PowerShell script and no actual malware code is contained in the archive.
When the computer user logs in, the NetSupport Manager Remote Control Software launches automatically and connects to the leyv.pw:11678 Gateways which servers as a remote control backdoor. When the necessary command is sent via the remote C&C server, this function is activated, and the hackers can take full control of the machine.
Steam users are urged not to click on any links that are sent by unknown people, especially when they offer lucrative content – funny videos, free games or other promises. Everyone is also encouraged to use two-factor authentication which prevents malicious use of the Steam accounts by hackers.