Steam users are again on the radar of cyber criminals. This time, hacked Steam accounts have been found distributing a Remote Access Trojan (RAT).
Previously we informed our readers about the hacking of Steam accounts. Now a Reddit user is claiming that some of these hacked accounts are distributing malware.
The Reddit user, who goes by the alias Hayaddict, warns that the hacked Steam accounts are being used to spam malicious URLs. Steam chat is the primary channel for distributing this new malware. The chat messages contain a link to a video supposedly available at videomeo.pw. As soon as the recipient visits this page, another window pops up asking the visitor to download a Flash Player update in order to watch the video.
Lawrence Abrams from Bleeping Computer writes that if the unsuspecting user downloads and installs this update, nothing will happen and the video still won't be displayed, because the installer is actually malware. The Trojan immediately executes zaga.ps1, a PowerShell script that downloads a 7-Zip archive, a CMD script and a 7-Zip extractor from the zahr.pw server.
After downloading these files, the PowerShell script launches the CMD file first. This file extracts the sharchivedmngr into the %AppData%\lappclimtfldr folder and configures Windows to run mcrtvclient.exe, a copy of the NetSupport Manager Remote Control software, automatically when the user logs in. Once launched, it connects to the NetSupport gateway at leyv.pw:11678, allowing the attacker to establish a direct remote connection to the infected computer. The malware stays dormant until it receives commands from the C&C server.
To check whether your computer is infected with the Steam Trojan, inspect the %AppData% folder for the folders mentioned above, Abrams states.
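One way to run the check Abrams describes, as an added example that is not from the article or from Bleeping Computer: a read-only PowerShell script that looks for the folder, executable and C&C port named above. The registry Run keys and Startup folder it inspects are an assumption about how the logon autostart is implemented; the article does not say which mechanism is used.

```powershell
# Added example (not from the article or Bleeping Computer): a read-only check
# for the indicators the article names. Assumptions are marked below.

$Indicators = @{
    FolderName = 'lappclimtfldr'      # %AppData% subfolder named in the article
    Executable = 'mcrtvclient.exe'    # dropped executable named in the article
    C2Port     = 11678                # port of leyv.pw gateway named in the article
}

$findings = @()

# 1. The dropped folder under %AppData% (article: %AppData%\lappclimtfldr)
$dropPath = Join-Path $env:APPDATA $Indicators.FolderName
if (Test-Path $dropPath) {
    $findings += "Folder present: $dropPath"
    Get-ChildItem -Path $dropPath -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "  contains: $($_.FullName)" }
}

# 2. Autostart entries referencing the executable. The article only says the
#    malware runs at logon; checking Run keys and the Startup folder is an
#    assumption about how that is achieved, not a detail from the article.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$exePattern = [regex]::Escape($Indicators.Executable)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Value -is [string] -and $p.Value -match $exePattern) {
                $findings += "Autorun entry: $key\$($p.Name) = $($p.Value)"
            }
        }
    }
}
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $exePattern } |
    ForEach-Object { $findings += "Startup folder item: $($_.FullName)" }

# 3. A running process whose image name matches the dropped executable
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and (Split-Path $_.Path -Leaf) -ieq $Indicators.Executable } |
    ForEach-Object { $findings += "Running process: $($_.Path) (PID $($_.Id))" }

# 4. A live TCP connection to the C&C port named in the article
#    (Get-NetTCPConnection exists on Windows 8 / Server 2012 and later)
if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    Get-NetTCPConnection -RemotePort $Indicators.C2Port -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings += "TCP connection to $($_.RemoteAddress):$($_.RemotePort) (state $($_.State), PID $($_.OwningProcess))"
        }
}

if ($findings.Count -eq 0) {
    Write-Output "No indicators from the article were found on this host."
} else {
    Write-Output "Possible Steam RAT indicators found:"
    $findings | ForEach-Object { Write-Output $_ }
}
```

Run it in an ordinary user session; it only reads the file system, registry and connection table. A hit is a reason to isolate the machine and run a full scan, not proof on its own, since folder and file names can be reused by benign software.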
Even if your computer is not infected with this Trojan, we urge you never to click suspicious links, and to refrain from visiting links that offer videos or any kind of illicit content. In particular, never download updates from third-party websites; use only the vendor's official website for downloading updates. Last but not least, always keep an up-to-date anti-virus product installed on your computer to avoid infections.
For more technical details we recommend the Bleeping Computer blog post.