Steam avatars/pictures being used for transfering malware

[Slam]

https://www.gdatasoftware.com/blog/steamhide-malware-in-profile-images

https://threatpost.com/steam-gaming-delivering-malware/166784/

 

Apparently Steam avatars/artwork images are being used to host malware and allow its transfer between users with a specific program to decrypt them.

 

Just thought this was pretty neat, but also this might eventually evolve and become an actual threat/problem for Steam users, so eh.

 

Threatpost is saying the images download malware to your computer already, but I think that the chick that wrote it is on something else because GData (an actual Anti-Virus software company) is claiming that looking at the images and even downloading them doesn't do anything without having the proper program, so I'd take that second read with a grain of salt. Though it's definitely scary thinking about how maybe it really can one day evolve into accounts being hijacked just because you looked at someone's steam profile.

 

Edit: re-worded the first sentence

[Abstract]

This is nothing new, it's a technique used in malware to prevent URLs from being blacklisted.

 

I don't think loading an image on your browser will hijack your PC any time soon.  An exploit (different from the malware described here) would be required for your Steam account to get hijacked from just opening an image on your browser.

 

And yes, downloading the image and opening it normally won't do anything (even if it contains malware) because like they said in the article, the malware downloader is required to load and execute the additional malware embedded in that image.

[Slam]

10 hours ago, Abstract said:

This is nothing new, it's a technique used in malware to prevent URLs from being blacklisted.

 

I don't think loading an image on your browser will hijack your PC any time soon.  An exploit (different from the malware described here) would be required for your Steam account to get hijacked from just opening an image on your browser.

 

And yes, downloading the image and opening it normally won't do anything (even if it contains malware) because like they said in the article, the malware downloader is required to load and execute the additional malware embedded in that image.

 

It's not a new method by any means, but it's the first time people have seen Steam being used as the method of transfer/hosting in this way. Gdata also claims that those responsible are "developing" this further and we could see something worse come out of it, though who knows what that can be.

[Zeus904]

It's likely that valve will respond should it become an issue. They might do something regardless bc the whole thing is bad pr for them. All they would need to update (at the time of writing) is a quick ICC length check for uploaded images. Although it is worthwhile to check up on every now and again.

 

Interesting read 

 

tldr: should this become problematic we'll know and valve will too. 

[Vashta?]

On 6/11/2021 at 3:10 PM, Slam said:

https://www.gdatasoftware.com/blog/steamhide-malware-in-profile-images

https://threatpost.com/steam-gaming-delivering-malware/166784/

 

Apparently Steam avatars/artwork images are being used to I guess smuggle/transfer malware between users with a specific program to decrypt them?

 

Just thought this was pretty neat, but also this might eventually evolve and become an actual threat/problem for Steam users, so eh.

 

Threatpost is saying the images download malware to your computer already, but I think that the chick that wrote it is on something else because GData (an actual Anti-Virus software company) is claiming that looking at the images and even downloading them doesn't do anything without having the proper program, so I'd take that second read with a grain of salt. Though it's definitely scary thinking about how maybe it really can one day evolve into accounts being hijacked just because you looked at someone's steam profile.

Threat or not definitely interesting what people can do, nice post