Researchers at G Data have since taken a deep dive into the malware threat, saying that SteamHide could be under development as part of a wide-scale campaign.
In a post online, Karsten Hahn, a malware analyst at the firm, wrote: “While hiding malware in an image file’s metadata is not a new phenomenon, using a gaming platform such as Steam is previously unheard of. From an attacker’s point of view, this approach makes sense: Replacing the malware is as easy as just replacing a profile image file. There is also a huge number of legitimate accounts – and blocklisting the Steam platform outright would have many undesired side effects.
“It should be noted that in order to become a target for this method, no installation of Steam – or any other game platform – is required. The Steam platform merely serves as a vehicle which hosts the malicious file.
“The heavy lifting in the shape of downloading, unpacking and executing the malicious payload is handled by an external component which just accesses the profile image on one Steam profile. This payload can be distributed by the usual means, from crafted emails to compromised websites.”
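A defender-side triage check for the technique Hahn describes (a payload carried in an image file's metadata), added here as an example and not taken from G Data's post: it walks a JPEG's header segments and flags metadata that is both large and high-entropy. The thresholds, function names and sample bytes are assumptions constructed for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

METADATA_MARKERS = set(range(0xE0, 0xF0)) | {0xFE}  # APP0..APP15 and COM

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def metadata_by_marker(jpeg: bytes) -> dict:
    """Concatenate metadata payloads per marker, up to the start of scan data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    found, pos = {}, 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:              # fill byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):      # SOS or EOI: no more header segments
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            raise ValueError("malformed or truncated segment")
        if marker in METADATA_MARKERS:  # large blobs may span several segments
            found.setdefault(marker, bytearray()).extend(jpeg[pos + 4:pos + 2 + length])
        pos += 2 + length
    return found

def suspicious_metadata(jpeg: bytes, min_bytes=4096, min_entropy=7.0) -> list:
    """Return (marker, size, entropy) hits; thresholds are assumed triage values."""
    return [(f"0x{m:02X}", len(b), round(shannon_entropy(bytes(b)), 2))
            for m, b in metadata_by_marker(jpeg).items()
            if len(b) >= min_bytes and shannon_entropy(bytes(b)) >= min_entropy]

def _segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples (not real images): SOI, one metadata segment, empty scan, EOI.
_TAIL = b"\xff\xda\x00\x02\xff\xd9"
_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(250))  # 8000 random-looking bytes
CLEAN_JPEG = b"\xff\xd8" + _segment(0xFE, b"created by example") + _TAIL
PADDED_JPEG = b"\xff\xd8" + _segment(0xE2, _BLOB) + _TAIL
```

Embedded EXIF thumbnails are compressed too, so a hit is a lead for review rather than a verdict.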
Published at Sat, 12 Jun 2021 08:01:00 +0000