Steam pulls game demo infecting Windows with info-stealing malware
Valve has removed from its Steam store the game title ‘Sniper: Phantom’s Resolution’ following multiple users reporting that the demo installer infected their systems with information stealing malware.
The game, published under the developer name ‘Sierra Six Studios,’ was supposed to be an early preview of the title with a release planned in the coming months.
Before the title was pulled, the developers on Wednesday warned players against downloading the game from websites or links outside Steam because of potential security risks. However, getting the version from Steam also came with security threats.
Players suspected something was off with the game after noticing that assets and descriptions had been copied from other titles. Furthermore, they were prompted to download the demo installer from an external GitHub repository instead of the Steam platform.

Analyzing the installer file, Reddit users noticed that it was named ‘Windows Defender SmartScreen.exe’ and discovered commodity attack tools such as a privilege escalation utility, a Node.js wrapper, and the tool ‘Fiddler,’ which could intercept cookies.
The malware also executes a series of Node.js scripts and kills them quickly to evade detection, and even runs a script named ‘createShortcut.vbs’ for persistence by adding a startup task for the executable.
Another indication that the game was actually malicious is that the same developer profile on GitHub, ‘arda1337,’ hosts crypto tools and Telegram bot toolkits.
GitHub was quick to remove the malicious repository following user reports, and yesterday Valve also deleted the game from Steam.
Following the reports and the action taken by the two platforms, the developer’s website at ‘sierrasixstudios[.]dev’ has been taken offline.
Users who installed the game have likely infected their computers with malware and are advised to uninstall the title and run a full system scan to remove remaining malicious files.
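The installer behaviours reported above (the ‘Windows Defender SmartScreen.exe’ file name, the ‘createShortcut.vbs’ run, and Node.js processes that exit quickly) can be expressed as a triage check over process-creation records. This is an added example, not code from the article or from the users who analyzed the file; the record format, paths, sample events and thresholds are constructed assumptions.

```python
import ntpath

# Constructed process-creation records (not taken from the incident).
# t = start time (s), life = seconds until exit, image = path, cmd = command line.
SAMPLE_EVENTS = [
    {"t": 0, "life": 90.0, "image": r"C:\Users\u\Downloads\Windows Defender SmartScreen.exe",
     "cmd": '"Windows Defender SmartScreen.exe"'},
    {"t": 3, "life": 0.6, "image": r"C:\Users\u\AppData\Local\Temp\x\node.exe", "cmd": "node.exe a.js"},
    {"t": 4, "life": 0.4, "image": r"C:\Users\u\AppData\Local\Temp\x\node.exe", "cmd": "node.exe b.js"},
    {"t": 5, "life": 0.5, "image": r"C:\Users\u\AppData\Local\Temp\x\node.exe", "cmd": "node.exe c.js"},
    {"t": 6, "life": 1.0, "image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\u\AppData\Local\Temp\x\createShortcut.vbs"'},
    # Benign look-alikes that must not be flagged:
    {"t": 7, "life": 5.0, "image": r"C:\Windows\System32\smartscreen.exe", "cmd": "smartscreen.exe"},
    {"t": 8, "life": 3600.0, "image": r"C:\Program Files\nodejs\node.exe", "cmd": "node.exe server.js"},
]

SHORT_LIFE = 2.0  # assumption: a node.exe that exits this fast counts as "killed quickly"
BURST = 3         # assumption: this many short-lived node.exe runs ...
WINDOW = 60       # ... started within this many seconds form a burst


def triage(events):
    """Return (finding, detail) tuples for the behaviours reported in the article."""
    findings, short_node_starts = [], []
    for ev in events:
        name = ntpath.basename(ev["image"]).lower()
        cmd = ev["cmd"].lower()
        # The installer's file name; the genuine Windows binary is smartscreen.exe.
        if name == "windows defender smartscreen.exe":
            findings.append(("masquerade", ev["image"]))
        # Script host running the persistence script named in the article.
        if name in ("wscript.exe", "cscript.exe") and "createshortcut.vbs" in cmd:
            findings.append(("startup-persistence", ev["cmd"]))
        if name == "node.exe" and ev["life"] < SHORT_LIFE:
            short_node_starts.append(ev["t"])
    short_node_starts.sort()
    for i in range(len(short_node_starts) - BURST + 1):
        if short_node_starts[i + BURST - 1] - short_node_starts[i] <= WINDOW:
            findings.append(("short-lived-node-burst", len(short_node_starts)))
            break
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
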
This incident comes only a month after Steam hosted the PirateFi title, which was used to distribute the Vidar infostealing malware. Statistics showed that the game had been downloaded by up to 1,500 users.
BleepingComputer has contacted Steam for more details about ‘Sniper: Phantom’s Resolution’ listed on the platform but a comment wasn’t immediately available.