This Malware Uses Steam Profile Images to Hide Itself
Unknown attackers use accounts on the Steam gaming platform to distribute malware.
The hackers have embedded malware downloaders into the images in their account profiles. The vulnerability, dubbed SteamHide, was discovered by a Twitter user using the pseudonym Miltinhoc.
Hiding malware in the metadata of an image file is not a new technique, but according to experts from G Data, this is the first time a gaming platform such as Steam has been used for this purpose.
— miltinhoc (@miltinh0c) May 13, 2021
Attackers hide their malware in harmless images of the kind commonly posted on the Internet, including memes. Notably, infection occurs even if the user has no Steam account and does not have the Steam client installed. For the malware to be installed, it is enough for the avatar image to be downloaded to the PC.
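A triage check for the technique described above, as an added example that is not from G Data or the original article: it walks a PNG file's chunks and flags oversized metadata, an iCCP chunk that does not hold a structurally valid ICC profile, and bytes appended after the image. The article does not say which metadata field was used, so the choice of PNG and the iCCP chunk, the 64 KiB threshold and the sample files are assumptions.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CRITICAL = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}
MAX_META = 64 * 1024  # assumed triage threshold; tune for your image corpus
VALID_ICC = struct.pack(">I", 128) + b"\x00" * 32 + b"acsp" + b"\x00" * 88  # constructed header

def icc_problem(body):
    """Return why an iCCP chunk body is not a plausible ICC profile, or None."""
    _, _, rest = body.partition(b"\x00")  # profile name, NUL, method + data
    try:
        profile = zlib.decompress(rest[1:])  # rest[0] is the compression method
    except zlib.error:
        return "data does not decompress"
    if len(profile) < 128 or profile[36:40] != b"acsp":
        return "no ICC 'acsp' signature"
    declared = struct.unpack(">I", profile[:4])[0]
    return None if declared == len(profile) else "declared ICC size is wrong"

def scan_png(data):
    """Return findings for oversized or malformed metadata and trailing bytes."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        pos += 12 + length  # length field + type + body + CRC
        name = ctype.decode("latin-1")
        if ctype not in CRITICAL and length > MAX_META:
            findings.append(f"{name}: {length} bytes of metadata")
        if ctype == b"iCCP" and (reason := icc_problem(body)):
            findings.append(f"{name}: {reason}")
        if ctype == b"IEND":
            break
    if pos < len(data):
        findings.append(f"{len(data) - pos} trailing bytes after last chunk")
    return findings

def chunk(ctype, body):  # build one PNG chunk with CRC (constructed samples only)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

def sample_png(icc_payload, extra=b""):
    """Constructed 1x1 greyscale PNG whose iCCP chunk carries icc_payload."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    iccp = b"sample\x00\x00" + zlib.compress(icc_payload)
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"iCCP", iccp)
            + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b"") + extra)
```

A blob that carries a forged ICC header passes the signature check, so treat a clean result as the absence of obvious anomalies only. The scanner does not verify chunk CRCs.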
Once launched, the malware disables all protections and checks for administrator rights, then copies itself to the LOCALAPPDATA folder and persists by creating a registry key that G Data identified as “\Software\Microsoft\Windows\CurrentVersion\Run\BroMal.”
As the researchers clarified, the malware contains tools that are not activated immediately but may become dangerous in the future. These include checking the system for an installed copy of Microsoft Teams and sending and receiving commands via Twitter.