Phony 'Steam escrow' site used to deliver malware
A phony CSGO Shuffle site has been delivering malware to Steam users.
Researchers spotted cybercriminals using a phony CSGO Shuffle domain to deliver malware to members of the Steam community looking to use the new “Steam escrow” system.
"Links such as these are most commonly shared in Steam IM Chat, often with the promise of additional freebies for those who click the supplied URL," Jovi Umawin, a malware intelligence analyst at Malwarebytes Labs, told SCMagazine.com via email correspondence.
The criminals designed the site to mimic a popular betting site used by steamers and Counter-Strike: Global Offensive (CS:GO) players to trade item skins, according to a Dec. 9 Malwarebytes blog post.
The malware download is triggered when the user interacts with the pages in the same way that Steam users interact with a trading window, the post said. Researchers retrieved two malware samples from the campaign and identified them as “Backdoor.NanoCore” and “Escrow.exe.”
The Steam Mobile app is the only application that Steam users have to download, the post said, adding that any additional programs that users are encouraged to install from unofficial third-party destination sites should be avoided.
"Gamers most at risk from this malware are those who frequently trade in virtual goods, specifically CS:GO gun skins which are hugely popular and can sell for hundreds of dollars," Umawing said.