Fake Steam game page used to propagate malware

Download demo game hides nasty payload.

Fake Steam game page used to propagate malware
Fake Steam game page used to propagate malware

Criminals have created fake pages for downloadable games on Steam in a bid to install malware on unsuspecting gamers' computers.

The scammers set up a replica of another genuine game called Octopus City Blues. The page was set up on the concepts section of Steam, dubbed Greenlight,  where brand new game ideas are tested out on users to see if there is enough interest from gamers to turn these ideas into full games.

Within the page was a link to a seven-level demo of the game that was altered to go instead to a malware-ridden download site.

In a tweet, Octopus City Blues developer Ghost In A Bottle said “Wow. Someone copied our Steam page to spread malware. Their virus demo contains 7 levels! Gotta step our game up!”

Octopus City Blues designer Firas Assaad told gaming website Kokatu that he reported the fake web page to Valve asking it to remove the page.

“There were a few comments on the fake page warning people, but it seems that they were deleted. If it stays up I might send a DMCA complaint since companies take them more seriously,” he told the publication.

Since the issue was reported, Valve, the company behind Steam, has removed the link to the offending cloned page.  "We have removed the malicious links and are taking further steps to deal with anyone involved with posting these links,” the firm told Kokatu.

The incident highlights the methods criminals use to propagate malware. James Maude, security engineer at endpoint security software firm Avecto said it is easy for cyber-criminals to repackage games and applications adding in malicious code.

“This can then be placed on a site or forum and appear almost identical to the original source. In many cases they may even use details copied straight from the legitimate site,” he said.

He added that Steam has been a victim of its own success. “By offering the ability to host files on the Steam community domain they are providing a platform that an attacker can exploit. Companies offering community portals should be careful to make users aware that content linked to or shared is not approved, and possibly restrict or screen links posted. They also need to be prepared to act quickly to take down malicious content to prevent it spreading,” he said.

Maude said that gamers Gamers are increasingly being targeted and should be especially wary of unknown links offering beta previews and free content. “In the desktop environment, users need to be especially careful about where they download content from and try to use legitimate and trusted sources, not unknown websites,” he said.

Catalin Cosoi, chief security strategist at Bitdefender, said that one way of avoiding such incidents would be to have some sort of screening program that validates whether or not third party content is actually benign.  

“One way of approaching this would be to scrutinise embedded URLs and make sure they don't point to a known malware-disseminating website. There are various ways this can be achieved and it would minimise the risk of possible infections. Think of it as a forum moderator that validates whether or not shared links are legit or not,” he said.

Cosoi said that Steam has now realised that the gaming community could inadvertently be exposed to malware when reading their forums or its Concept section. “Steps to prevent this are probably being implemented as we speak. Users have probably learned that only games and files that are downloaded via Steam's official servers are to be trusted. One could argue that users are responsible for everything they download outside Steam's marketplace,” he said.