Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Incident Response, TDR, Threat Management, Threat Management, Malware, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Phony ‘Steam escrow’ site used to deliver malware

Researchers spotted cybercriminals using a phony CSGO Shuffle domain to deliver malware to members of the Steam community looking to use the new “Steam escrow” system.

"Links such as these are most commonly shared in Steam IM Chat, often with the promise of additional freebies for those who click the supplied URL," Jovi Umawin, a malware intelligence analyst at Malwarebytes Labs, told via email correspondence. 

The criminals designed the site to mimic a popular betting site used by steamers and Counter-Strike: Global Offensive (CS:GO) players to trade item skins, according to a Dec. 9 Malwarebytes blog post.

The malware download is triggered when the user interacts with the pages in the same way that Steam users interact with a trading window, the post said. Researchers retrieved two malware samples from the campaign and identified them as “Backdoor.NanoCore” and “Escrow.exe.”

The Steam Mobile app is the is the only application that Steam users have to download, the post said adding that any additional programs that users are encouraged to install from unofficial third-party destination sites should be avoided.

"Gamers most at risk from this malware are those who frequently trade in virtual goods, specifically CS:GO gun skins which are hugely popular and can sell for hundreds of dollars," Umawing said. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.