Most people know not to click on suspicious links from strangers, but suspicious links from friends are more of a marginal case. Malefactors are currently using Steam, Valve’s popular PC gaming platform, to spread malware by hiding a nasty program in a supposedly innocuous screenshot that looks like it is coming from a trusted friend.
Security expert Graham Cluley shared the story, which one of his readers brought to his attention. The malware comes via Steam’s built-in chat client and, in all likelihood, will appear to come from someone you know.
If you receive a message on Steam that reads “WTF?????” and links to a JPEG image called “screenshot,” steer clear and inform your friend that he or she needs to run a virus scan posthaste. The link leads not to a strange picture, but rather to an executable SCR file.
Once clicked, the file will download and install automatically. This particular SCR file targets Steam, meaning it may be able to steal your login and financial information. At the very least, it compromises your Friends list and sends the malware-ridden “WTF” message to all of your contacts.
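The mismatch described above, a link presented as a JPEG screenshot that actually delivers an SCR executable, can be caught by inspecting the downloaded bytes instead of trusting the name. The following is an added example, not code from the article or from Steam; the file names and sample bytes are constructed for illustration.

```python
import struct

# Leading-byte signatures for the image types a "screenshot" could legitimately be.
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png", b"GIF8": "gif"}
# Extensions Windows runs as programs; .scr (screensaver) is an ordinary PE executable.
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif"}

def sniff(data: bytes) -> str:
    """Classify content by its bytes, ignoring whatever the name claims."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    # PE file: 'MZ' DOS header whose e_lfanew field (offset 0x3C) points at 'PE\0\0'.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            return "pe-executable"
    return "unknown"

def check_download(claimed_as: str, filename: str, data: bytes) -> list[str]:
    """Return reasons to block a file that a chat message presented as `claimed_as`."""
    reasons = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff(data)
    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{ext}")
    if actual == "pe-executable":
        reasons.append("content is a Windows executable")
    if actual != claimed_as:
        reasons.append(f"presented as {claimed_as}, content is {actual}")
    return reasons

# Constructed samples: a minimal PE header stub and a JPEG header, not real files.
FAKE_SCR = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16
REAL_JPG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\0" * 16

if __name__ == "__main__":
    print(check_download("jpeg", "screenshot.scr", FAKE_SCR))  # three reasons to block
    print(check_download("jpeg", "screenshot.jpg", REAL_JPG))  # [] (nothing suspicious)
```

Because the content check does not depend on the extension, the same executable renamed to `screenshot.jpg` is still flagged.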
Worse still, only about half of antivirus programs seem capable of detecting the malware. While AVG, Malwarebytes, Kaspersky, Sophos and Symantec users are in the clear, those who rely on Microsoft, TrendMicro, Kingsoft or AegisLab are out of luck. The best solution for them would be to download the free version of AVG or Malwarebytes and run it with extreme prejudice.
This is not the first time that malware has targeted Steam users, suggesting that the platform is perhaps still not as secure as it could be. PC gamers should double-check with their friends before clicking on links that look out of the ordinary.