September 11, 2014
Owned and maintained by Valve, Steam enables users to download and update their games via the Internet and keep up with news from the video gaming world. In addition to games developed by Valve, Steam also distributes applications produced by other companies. Many games available on Steam allow players to use various virtual items that change the appearance of their characters or provide them with certain advantages. Some of these items can be sold and purchased for real money via a specific Steam-powered service.
At the end of August 2014, messages from Steam users about missing valuable game assets began to emerge on various gaming forums. The Trojan that appears in the Dr.Web database under the name Trojan.SteamBurglar.1 is the culprit behind this virtual theft. Criminals spread the malware via the Steam chat and forums where they prompt users to view screenshots of weapons or other items supposedly available for purchase. Here is an example of such a message: "Hello. I like your weapon. Can you swap for my knife + weapon? (Look screenshot my knife + weapon)". These Trojan.SteamBurglar.1 images were displayed to the user of the targeted computer. Meanwhile, the Trojan searched the machine's memory for the process steam.exe to extract information about game items. The malware used such key words as ‘rare’, ‘immortal’ and ‘legendary’ to determine which items were the most valuable and stole them so that they could be resold. The stolen artifacts were transferred to a Steam account used by the criminals:
Trojan.SteamBurglar.1 signatures have been added to the virus database, so the Trojan poses no threat to Steam users whose computers are protected by Doctor Web anti-viruses. However, players wishing to sell or buy any game object are recommended to exercise caution when receiving transaction offers from unknown senders — even if it is only about buying an enchanted sword for a few real dollars.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.