Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.

Malware Spreading via Steam Chats, Gains Access to Inventory

This article is over 10 years old and may contain outdated information

Be cautious of any URL shortener or else you could be downloading malware from friends and strangers on Steam.

Malware researchers are warning all Steam users to be aware of a .SCR (screensaver) file that appears harmless but will actually steal items from Steam users’ inventories.

Security company Malwarebytes said once a computer is infected with the malware, the victim’s session ID on Steam and inventory are at risk. In addition, the virus sends further messages to the victim’s friends list. The message includes a link to what appears to be a photo. The URL is shortened through bit.ly, with IMG at the start of the full URL and a .SCR extension.

Christopher Boyd of Malwarebytes said, “Just because the name of the file says ‘IMG’ at the start doesn’t mean it’s actually an image file. The extension in these cases is the giveaway, and users of Steam should ensure they’re not being set up for a harsh lesson in digital shenanigans.”

Earlier in the week, Steam users wrote about the malware in the community forums.

Bart Blaze, a malware researcher at Panda Security, looked into the matter further. The link leads to a file on Google Drive and immediately downloads the .SCR file, a screensaver file, with a picture of a woman as the icon.

“Note that normally, the Google Drive Viewer application will be shown and this will allow you to download the .scr file,” Bart Blaze wrote. “In this case, the string ‘&confirm=no_antivirus’ is added to the link, which means the file will pop-up immediately asking what to do: Run or Save.”

If you have downloaded the malware, you should first exit Steam immediately and open Task Manager and locate temp.exe, wrrrrrrrrrrrr.exe, vv.exe, or “a process with a random name, for example 340943.exe.”

Scan your computer with the antivirus you use, and then scan again with a different one. After deleting the malware, change your Steam password and any other sites where you use the same password. You can also enable the visibility of file extensions.

As always be careful when clicking on shortened URLs, even when sent by a friend.

Source: Malwarebytes, Bartblaze

Recommended Videos

The Escapist is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission.Ā Learn more about our Affiliate Policy