Looks like cyber criminals don't really rest or sleep when it comes to tricking innocent people into spreading malware. From yesterday's reports about a fake "The Interview" movie downloader app being in the wild, it appears that Steam is part of the action as well, with its chat service being used to push out innocent-looking messages, with the intent of infecting the receiver's computer.
Security blogger Graham Cluley reports that Steam chat is currently being the source for malware dissemination. A user receives a message that contains "WTF?????", which comes with a link for the receiver to click on. Merely looking at the link, one might observe that it is just an innocent JPEG file. However, in reality, it contains a .SCR Windows executable file, that contains malicious code that will be used to infiltrate the recipient's computer.
Cluley warns that if a user receives such a message, it may indicate that one of the user's contacts is infected. If the user does click on the link, his/her Windows computer might get infected and his/her Steam credentials might get stolen.
According to Cluley, in his blog post:
The problem of malicious .SCR files spreading across the Steam network is sadly not a new one. For instance, back in September researchers at MalwareBytes warned of the threat.
Cluley recommends to the users of the chat service to be wary of the links they click on, even if they apparently have been shared by your friends.
Source and Image: Graham Cluley