Steam Gaming Platform Hosting Malware
2021-06-10 15:51

Look out for SteamHide, an emerging loader malware that disguises itself inside profile images on the gaming platform Steam, which researchers think is being developed for a wide-scale campaign.

The Steam platform merely serves as a vehicle which hosts the malicious file, according to research from G Data: "The heavy lifting in the shape of downloading, unpacking and executing a malicious payload fetched by the loader is handled by an external component, which accesses the malicious profile image on one Steam profile. This external payload can be distributed via crafted emails to compromised websites."

The malware downloader is hiding in the Steam profile image's metadata, specifically in the International Color Consortium profile, a standardized set of data to control color output for printing.
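A defender-side structural check for the hiding place described above, as an added example that is not code from G Data or the original article. It assumes the image is a JPEG, where the ICC profile travels in APP2 segments tagged `ICC_PROFILE`; the function names and both sample images are constructed for illustration.

```python
import struct

ICC_TAG = b"ICC_PROFILE\x00"  # identifier that opens each APP2 ICC chunk

def extract_icc(jpeg: bytes) -> bytes:
    """Reassemble the ICC profile from a JPEG's APP2 segments (empty if none)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    chunks, pos = {}, 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        (seglen,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if marker in (0xDA, 0xD9) or seglen < 2:  # scan data, end, or corrupt length
            break
        body = jpeg[pos + 4:pos + 2 + seglen]
        if marker == 0xE2 and body.startswith(ICC_TAG) and len(body) >= 14:
            chunks[body[12]] = body[14:]  # body[12] is the chunk sequence number
        pos += 2 + seglen
    return b"".join(chunks[k] for k in sorted(chunks))

def icc_findings(icc: bytes) -> list:
    """Return the reasons a blob does not look like a real ICC profile."""
    if len(icc) < 128:
        return ["shorter than the 128-byte ICC header"]
    findings = []
    (declared,) = struct.unpack(">I", icc[:4])  # header bytes 0-3: profile size
    if declared != len(icc):
        findings.append(f"declared size {declared} != actual {len(icc)}")
    if icc[36:40] != b"acsp":  # fixed profile file signature
        findings.append("missing 'acsp' signature at offset 36")
    return findings

def scan(jpeg: bytes) -> list:
    """Findings for an image; an image with no ICC profile yields none."""
    icc = extract_icc(jpeg)
    return icc_findings(icc) if icc else []

# Constructed samples: a header-only but well-formed profile, and opaque bytes.
def _jpeg_with_icc(icc: bytes) -> bytes:
    body = ICC_TAG + bytes([1, 1]) + icc  # chunk 1 of 1
    return b"\xff\xd8\xff\xe2" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"

CLEAN = _jpeg_with_icc(struct.pack(">I", 128) + bytes(32) + b"acsp" + bytes(88))
SUSPECT = _jpeg_with_icc(bytes(range(256)) * 2)
```

This only catches data that replaces the profile outright; a payload wrapped in a well-formed ICC header would pass, so treat a clean result as inconclusive.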

Victims of this profile image scam don't have to be on Steam or have any gaming platform installed, G Data's researchers found.

G Data said the developers of SteamHide have hidden tools inside their malware that aren't currently being used but could be dangerous later, including a check for whether Teams is installed on the infected machine and a method stub named "ChangeHash" that indicates developers are working on increasingly complex iterations of the existing malware.

It's hard to say how easy the malware would be to root out: Steam's most recent data said the platform has more than 20 million users playing games, including popular titles like Counter-Strike: Global Offensive, Dota 2 and Apex Legends.


News URL

https://threatpost.com/steam-gaming-delivering-malware/166784/