Valve removed the Sniper: Phantom’s Resolution game from Steam after customers reported that the demo installation deployed information-stealing malware on their devices.
The game, published under the developer name Sierra Six Studios, was intended to be an early preview of the title, which will be released in the following months. Before the title was pulled from the store, the developers warned gamers on Wednesday against downloading it from websites/links other than Steam due to potential security risks.
However, downloading the version from Steam also posed security risks.
Valve has received reports from various players about the game’s red flags.
Valve considered withdrawing the demo from Steam after players sensed something was wrong with the game. One of the red flags first surfaced when players found that the demo’s assets and descriptions were plagiarised from other games.
Customers were also encouraged to download the sample installation from an external GitHub repository rather than the Steam platform.
Reddit users also noticed that the installer file was named ‘Windows Defender SmartScreen.exe’. They identified key attack tools, including a privilege escalation utility, a Node.js wrapper, and the Fiddler tool, which could intercept cookies.
To avoid detection, the infostealer malware within the game also executes and immediately kills a series of Node.js scripts, including one named ‘createShortcut.vbs’ that could allow it to establish persistence by creating a startup task for the executable.
Another sign that the game was malicious is that the same GitHub developer profile, ‘arda1337,’ hosts crypto tools and Telegram bot toolkits. After receiving user reports, GitHub immediately removed the fraudulent repository, and Valve removed the game from Steam earlier this week.
Following the reports and the actions taken by the two platforms, the developer’s website, ‘sierrasixstudios[.]dev,’ has been taken offline. Users who installed the game will likely have infected their computers with malware.
It is recommended that they delete it and run a full system scan to eliminate any risks. This incident occurred just a month after Steam hosted the PirateFi title, which was used to deliver the Vidar virus.
