Watch Out Gamers: Hacked Steam Accounts Distributing Malware

Steam users are once again on the radar of cyber criminals. This time, hacked Steam accounts have been found distributing a Remote Access Trojan (RAT).

Previously we informed our readers about the hacking of Steam accounts. Now a Reddit user is claiming that some of these hacked accounts are distributing malware.

The Reddit user, who goes by the alias Hayaddict, is warning that hacked Steam accounts are being used to spam malicious URLs. Steam chat is the primary platform used to distribute this new malware. The chat messages contain a link to a video hosted at this address: videomeo.pw. As soon as the recipient of the message visits the page, a message window pops up asking the visitor to download a Flash Player update in order to watch the video.

The screenshot shows Steam chat box where a hacked account is tricking another user into clicking a malicious link / Image Source: Bleeping Computers

Lawrence Abrams from Bleeping Computers writes that if the unsuspecting user downloads and installs this update, nothing will happen and the video still won’t be displayed, because the installer is actually malware. This Trojan immediately executes zaga.ps1, a PowerShell script that downloads a 7-zip archive, a CMD script and a 7-zip extractor from the zahr.pw server.

After downloading these files, the PowerShell script launches the CMD file first. This file extracts sharchivedmngr to the %AppData%\lappclimtfldr folder. It also configures Windows to execute mcrtvclient.exe automatically when the user logs in; this file is a copy of the NetSupport Manager Remote Control Software. Upon launch, a connection is established with the NetSupport gateway at leyv.pw:11678, allowing the attacker to link directly to the infected computer remotely. The malware stays disabled until it receives commands from the C&C server.

To check whether your computer is infected with the Steam Trojan, you can inspect the %AppData% folder for the presence of the folders mentioned above, states Abrams.
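The check described above can be scripted. The following PowerShell is an added example, not code from the article or from Abrams; it uses only the folder name, file name and port given above. Looking for mcrtvclient.exe inside the drop folder and checking the Run registry keys are assumptions, since the article does not say where the client is stored or how the logon autostart is configured.

```powershell
# Added example: host check for the indicators named in this article.
# Folder name, file name and port come from the article; the Run-key
# locations are an assumption (the article does not name the mechanism).
$DropFolder  = Join-Path $env:APPDATA 'lappclimtfldr'
$ClientName  = 'mcrtvclient.exe'
$GatewayPort = 11678
$findings    = [System.Collections.Generic.List[string]]::new()

# 1. Drop folder under %AppData% and any copy of the client inside it
if (Test-Path -LiteralPath $DropFolder) {
    $findings.Add("Folder present: $DropFolder")
    $files = Get-ChildItem -LiteralPath $DropFolder -Recurse -File -Filter $ClientName -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $findings.Add("Client binary: $($file.FullName) SHA256=$hash")
    }
}

# 2. Logon autostart values that reference the folder or the client (assumed locations)
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, ...)
        if ("$($prop.Value)" -match 'lappclimtfldr|mcrtvclient') {
            $findings.Add("Autostart: $key\$($prop.Name) = $($prop.Value)")
        }
    }
}

# 3. Running client process
$procName = [IO.Path]::GetFileNameWithoutExtension($ClientName)
foreach ($proc in (Get-Process -Name $procName -ErrorAction SilentlyContinue)) {
    $findings.Add("Process running: PID $($proc.Id) $($proc.Path)")
}

# 4. TCP connections to the gateway port named in the article
$conns = Get-NetTCPConnection -RemotePort $GatewayPort -ErrorAction SilentlyContinue
foreach ($conn in $conns) {
    $findings.Add("TCP to port $($GatewayPort): $($conn.RemoteAddress) state=$($conn.State) PID=$($conn.OwningProcess)")
}

if ($findings.Count -eq 0) { 'No indicators from the article found.' }
else { $findings }
```

Run it as the affected user, because %AppData% and the HKCU Run key are per-user. A clean result only means these specific indicators are absent.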

Even if your computer is not infected with this virus, we urge you never to pay attention to suspicious links and to refrain from visiting links that offer videos or any kind of illicit content. In particular, never download updates from third-party websites; use only the authentic website of the company for downloading updates. Last but not least, always keep an updated anti-virus installed on your computer to avoid infections.
