Malware abounds on the Internet, from shady click-to-win pop-ups to purposely confusing download prompts. But, it seems it’s not just the untamed frontier of the Internet that is host to such issues. Steam, everyone’s favorite PC gaming platform, has now come under scrutiny as a new report suggests that malware may be a part of Steam Profile images.
The report comes from G Data and states that hackers are using Steam Profile images to hide malware which can then be downloaded onto a PC using a separate downloader. The malware isn’t in the image itself; it’s actually hiding in the image’s metadata. For the malware to begin working, users would need to download a separate piece of malware that downloads the virus from the Steam profile.
Now, this isn’t the first time Steam has had exploits or issues with its platform. But this is definitely a new way of infecting a computer. Essentially, Steam is being used as a repository since it has such a massive audience and is usually cleared by most anti-virus software as a clean source.
“While hiding malware in an image file’s metadata is not a new phenomenon, using a gaming platform such as Steam is previously unheard of,”
G Data
and added that the profile image alone
“is neither infectious nor executable.”
G Data
To activate the malware, the user would need to have already been infected by a separate downloader, which infects a computer when the user clicks an email link or visits a compromised website. The downloader then accesses Steam and captures the malware present in the image metadata.
Seeing as how a secondary process is required for this malware to function, Steam users don’t need to worry about the increased risk of infection.
“The malware is inactive unless it is unpacked and decrypted by a separate malware downloader that accesses the image file,”
G Data
The downloader may be hidden in email attachments or on a manipulated website. Those do not necessarily have any association with Steam or gaming in general.
G Data also noted that the malware practice isn’t in widespread use and may still be “under development.”
So, basic internet safety precautions apply, avoid sketchy websites, don’t click on links from suspicious emails, don’t install cheat software, and you should be safe. Given that Steam keeps updating its platform, hopefully, this will only be a temporary problem to worry about.
About Steam
Steam is a video game digital distribution service by Valve Softwares. It was launched as a standalone software client in September 2003 as a way for Valve to provide automatic updates for their games and was subsequently expanded to include games from third-party publishers. Steam also serves as an online web-based and mobile digital storefront.
No Comments on Careful! Steam Profile Images May Contain Malware