14 DAY TRIAL // Advertised on YouTube as a Steam Cracker that allows users to play “all games for free,” the malicious element is actually part of a phishing scheme that targets game serial numbers.
Chris Boyd of GFI reveals that the YouTube page which promotes the shady app urges users to disable their antivirus applications and their firewalls because they falsely detect the program as being a threat.
Of course, this is a real threat, which apparently runs only on Windows Vista or newer versions of the operating system.
The fake Steam client’s installation process is legitimate-looking and real speampowered pages are included, to make everything appear more credible. There are even buttons that point to the genuine Playstation Network ID login page.
While on the surface everything seems legit, in the background, the phony application accesses the registries in an attempt to steal CD Keys.
“The fake Steam client wants the serials of games galore along with more general programs such as design packages, movie players, system defraggers, code tweakers, iPod converters…you get the idea,” Boyd wrote.
GFI identifies the threat as Trojan.Win32.Generic.pak!cobra, but unfortunately, at this time, not all antivirus solutions flag the file as being a Trojan, only around half of them do.
This is not the first time we see pieces of malware advertised in fancy YouTube videos. Back in January, the same experts came across a YouTube page that promoted Pro Evolution Soccer 2012, the popular game published by Konami.
That particular scheme was designed to lure users to download a key generator that actually hid the ZeroAccess rootkit.
As always, users are advised to refrain from downloading applications from shady sources. Most key generators and “completely free” games actually mask Trojans that work in the background to steal sensitive information.