Obviously targeting Windows, but still…
- It’s not a “Steam malware”, but malware using Steam as a CDN
- The malware is hidden in Steam profile pictures
- It’s not the actual attack vector, but just additional payload loaded after the initial attack was successful
So my question is: What is the initial malware?
Not exactly, I haven’t found a better article in English, but as far as I understood from other sources:
It is a malicious payload which can initially be used to spread fast like a worm using Steam (client) and then hijack Windows PCs after self-executing:
- Turns off M$ security features
- Checks if it can get admin rights
- Self-copies to LOCALAPPDATA and makes itself persistent by also creating some registry keys
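The two host-side behaviours listed above (security features turned off, a copy in LOCALAPPDATA made persistent through registry keys) are the ones a defender can check for directly. The following PowerShell is an added example, not code from the thread or from any analysis of this sample; it assumes the persistence uses the standard Run/RunOnce registry keys and that "security features" includes Defender real-time protection, which is an assumption rather than something the posts state.

```powershell
# Added example (not from the thread): two quick host checks for the behaviours
# described above. Run in an elevated PowerShell on the suspect Windows machine.

# Assumption: persistence is registered under the standard Run/RunOnce keys.
# Services, scheduled tasks and WMI subscriptions are NOT covered here.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$localAppData = [Environment]::GetFolderPath('LocalApplicationData')

# Returns every autorun value whose command line resolves into %LOCALAPPDATA%.
function Get-LocalAppDataAutoruns {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata that Get-ItemProperty adds.
            if ($p.Name -like 'PS*') { continue }
            $cmd      = [string]$p.Value
            $expanded = [Environment]::ExpandEnvironmentVariables($cmd)
            if ($expanded -like "*$localAppData*") {
                [pscustomobject]@{
                    Key     = $key
                    Name    = $p.Name
                    Command = $cmd
                    # Flag entries whose target file no longer exists or was written recently.
                    Exists  = Test-Path ($expanded -replace '^"([^"]+)".*$', '$1')
                }
            }
        }
    }
}

# Assumption: "turns off security features" includes Defender real-time protection
# or newly added exclusions; Get-MpPreference reports both.
function Get-DefenderTamperIndicators {
    $pref = Get-MpPreference
    [pscustomobject]@{
        RealtimeDisabled    = $pref.DisableRealtimeMonitoring
        ExclusionPaths      = $pref.ExclusionPath
        ExclusionProcesses  = $pref.ExclusionProcess
        # Any exclusion inside LOCALAPPDATA is worth a second look.
        LocalAppDataExcluded = @($pref.ExclusionPath | Where-Object { $_ -like "$localAppData*" }).Count -gt 0
    }
}

Write-Host '--- Autoruns pointing into LOCALAPPDATA ---'
Get-LocalAppDataAutoruns | Format-Table -AutoSize
Write-Host '--- Defender tamper indicators ---'
Get-DefenderTamperIndicators | Format-List
```

Entries in LOCALAPPDATA are not automatically malicious: several legitimate per-user installers (chat clients, update helpers) place their binaries and Run entries there, so each hit needs to be checked against a known-good install (publisher signature, install date) before anything is removed.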
Looks like not only profiles, but wherever else, like images in articles etc.
Pretty sure it is an actual attack vector, since it’s pretty big in scale (as far as it’s detected now); also there is plenty of functionality it has which was not activated so far, including:
- Analyzing the system for Microsoft Teams (I’m sure you’ve heard recently about that one and the hacks of US government agencies)
- Send / receive commands through Twitter (now that’s a weird one)
So yeah, it’s actually pretty dangerous.
Might be a bot net, might be a crypto-miner.
Might be whatever.
As far as I’ve read, it seems that it needs another malware (gotten by “usual” ways) to extract the information coded inside the image and so start all the shenanigans.
In other words, it makes your computer more secure, before nuking it.
It’s malware that likes challenges