Remove SteamHide Malware


Cybercriminals often abuse legitimate online services to support their malicious campaigns. For example, it is not uncommon to see Dropbox used as a makeshift server for data exfiltration, or Telegram used to control malicious implants. An unknown cybercriminal now appears to have found a way to abuse profile images on Steam, one of the most popular gaming platforms. The innocent-looking avatars actually hide a script, which an implant already running on the compromised system can decode to extract a payload. It is important to note that the newly identified SteamHide Malware attack can only work if the victim is already infected with another piece of malware that extracts the malicious code from the Steam avatar. This is not a vulnerability in the Steam platform; it is simply a 'clever' way of abusing a legitimate service to host malicious content.

The advantage of this method for the criminals is that they can swap the profile image to introduce a brand-new payload, allowing them to change implants on the fly. The victim does not need to have Steam installed for SteamHide to work: the implant can open a hidden browser instance to load the profile page and fetch the malicious image.
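The two paragraphs above describe the carrier, an ordinary-looking avatar image with a script hidden inside it, but not where in the file the script is stored. The following is an added example (not code from the article, from the SteamHide operators, or from Steam) of the check a defender can run on downloaded avatars: it parses the PNG chunk structure and flags the places where bytes can be added without changing the rendered picture. The chunk allow-list, the 4 KiB ancillary-chunk threshold and the sample images are assumptions constructed for the example.

```python
"""Flag PNG files that carry extra data a decoder would never need.

Added example, not code from the article or from the SteamHide malware. The
page does not say how the script is embedded, so this checker looks at the
generic hiding spots in a PNG: bytes after IEND, chunk types ordinary encoders
never write, oversized ancillary chunks, and chunks whose CRC does not match.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Assumed allow-list: chunk types emitted by ordinary encoders.
KNOWN_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"cHRM", b"sRGB",
    b"iCCP", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"pHYs", b"sBIT", b"hIST",
    b"tIME", b"sPLT",
}
# Assumed threshold: an avatar-sized PNG rarely needs more than this in any
# single ancillary chunk (lower-case first letter of the type).
MAX_ANCILLARY_BYTES = 4096


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, body, CRC over type + body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def parse_png(data: bytes):
    """Return ([(type, body, crc_ok), ...], trailing bytes after IEND)."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    chunks = []
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        if pos + 12 + length > len(data):
            # Declared length runs past the file: treat as a damaged chunk.
            chunks.append((ctype, data[pos + 8:], False))
            pos = len(data)
            break
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        crc_ok = (zlib.crc32(ctype + body) & 0xFFFFFFFF) == crc
        chunks.append((ctype, body, crc_ok))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return chunks, data[pos:]


def scan_png(data: bytes) -> list:
    """Return human-readable findings; an empty list means nothing suspicious."""
    findings = []
    chunks, trailing = parse_png(data)
    for ctype, body, crc_ok in chunks:
        name = ctype.decode("latin-1")
        if not crc_ok:
            findings.append(f"bad CRC on chunk {name}")
        if ctype not in KNOWN_CHUNKS:
            findings.append(f"unexpected chunk {name} ({len(body)} bytes)")
        ancillary = bool(ctype[0] & 0x20)  # bit 5 of the first type byte
        if ancillary and len(body) > MAX_ANCILLARY_BYTES:
            findings.append(f"oversized ancillary chunk {name} ({len(body)} bytes)")
    if trailing:
        findings.append(f"{len(trailing)} bytes appended after IEND")
    return findings


def make_sample_png(with_payload: bool) -> bytes:
    """Constructed 1x1 red PNG. With with_payload=True it carries the kinds of
    extra data a carrier image might hold: a private chunk and bytes after IEND.
    The 'hidden script' is a stand-in string, not a real SteamHide artefact."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")          # filter byte + one pixel
    parts = [PNG_SIGNATURE, _chunk(b"IHDR", ihdr), _chunk(b"IDAT", idat)]
    if with_payload:
        parts.append(_chunk(b"stEg", b"cmd /c echo hidden-script-stand-in"))
    parts.append(_chunk(b"IEND", b""))
    if with_payload:
        parts.append(b"TRAILING-BLOB:" + b"A" * 64)
    return b"".join(parts)


if __name__ == "__main__":
    for label, blob in (("clean", make_sample_png(False)),
                        ("carrier", make_sample_png(True))):
        print(label, scan_png(blob) or ["no findings"])
```

Run it on avatars pulled from a proxy cache or a sandboxed download directory: a clean image yields no findings, while an image with appended or non-standard data is reported with the chunk name and size. A hit is a reason to look closer, not proof of malware; some editors legitimately write private chunks, which is why the allow-list and the size threshold are tunable.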

So far, the SteamHide Malware has been changing its payloads rapidly, and it does not appear to offer its operators many features yet. The developers continue to introduce various functions, but none of them are finished. For example, some of the code is designed to enumerate the software installed and running on the compromised system, while another function is meant to work as a Twitter bot.

While using images to deliver payloads is not a novel technique, abusing a platform as large as Steam is certainly an innovative approach. SteamHide is still under development, and its creators are likely to reveal the true scope of their operation soon. Prepare beforehand by securing your system with an up-to-date anti-malware application.

June 9, 2021
