Dec 3, 2010 18:51 GMT

Security researchers warn that a new trojan, advertised via rogue YouTube videos, poses as a hacking tool for getting games for free on Steam.

The attack begins with malware distributors posting videos on YouTube with names like “ALL Steam GAMES FOR FREE HACK”, “Steam Hack with Download” or “STEAM HACK WORKS 100% + DOWNLOAD.”

By the looks of them, these are most likely legit videos that were stolen from other accounts. They demo several Steam hacking tools which allow users to download and play games for free.

However, the download link advertised in their descriptions leads to a file called hack-mod-v1.9.exe, available from free file hosting websites.

According to a VirusTotal scan, 20 of 43 antivirus products currently detect this file as malicious, most of them under a generic signature for VB (Visual Basic) trojans.

However, it’s most likely that the attackers are changing the download links to point to new threats, as older ones start getting high AV detection rates.

When Christopher Boyd, a senior threat researcher at GFI Software (formerly Sunbelt), analyzed this attack, he received a file called hackncrack.exe, which is a trojan called Ottodex.A (Microsoft).

The malware is detected by 23 antivirus products on VirusTotal and, according to an entry in Microsoft’s malware encyclopedia, it started circulating around November 25.

“[...] This isn’t hidden behind CPA Lead surveys that need to be filled in before downloading – it’s freely available from Rapidshare, Megaupload and others. As for the Trojan itself, it seems to be a fairly typical downloader which requires large amounts of ‘avoiding completely’,” Mr. Boyd writes.

Trojan downloaders are used as a distribution platform for other malware, so people who fall for this trick will most likely end up with multiple infections on their computers.

Users are advised to keep their antivirus product up to date at all times and to stay away from cracks and other hacking tools, because they carry a high malware risk.