HunterICX
01-09-15, 07:34 PM
Just want to give off a warning to anyone using Steam.
There seems to be a Phising trojan spreading like wildfire lately that comes in the form of a link towards an image via chat or profile comments. This link however doesn't go or downloads an image but a .scr file (commonly used for windows screensaver) this fools some AV/IS applications untill it's too late.
Once infected the trojan has acces to your account and within seconds it robs your steamwallet and inventory of items. Some report it even bypasses Steamguard as it steals the verification file but this I'm not sure off or how it works.
Also the infection causes your account to send chat messages to everyone or most people in your friendlist or posts a comment on their profile page too fool others that the link can be trusted.
I happen to be aware of this by having red the steam forums from time to time but seems others where not as today I got 3 - 4 messages with that malicious link from members of subsim that I have in my friendlist.
it comes with messages like this:
WTF?!?! [insert random named imagehost].com/screenshot.png
Check this out [insert random named imagehost].com/screenshot.png
Want to trade? [insert random named imagehost].com/screenshot.png
Do NOT click the link, ignore it when in chat and if it's on the profile page delete the comment.
So heads up and don't click any link that you can't confirm it can be trusted.
There seems to be a Phising trojan spreading like wildfire lately that comes in the form of a link towards an image via chat or profile comments. This link however doesn't go or downloads an image but a .scr file (commonly used for windows screensaver) this fools some AV/IS applications untill it's too late.
Once infected the trojan has acces to your account and within seconds it robs your steamwallet and inventory of items. Some report it even bypasses Steamguard as it steals the verification file but this I'm not sure off or how it works.
Also the infection causes your account to send chat messages to everyone or most people in your friendlist or posts a comment on their profile page too fool others that the link can be trusted.
I happen to be aware of this by having red the steam forums from time to time but seems others where not as today I got 3 - 4 messages with that malicious link from members of subsim that I have in my friendlist.
it comes with messages like this:
WTF?!?! [insert random named imagehost].com/screenshot.png
Check this out [insert random named imagehost].com/screenshot.png
Want to trade? [insert random named imagehost].com/screenshot.png
Do NOT click the link, ignore it when in chat and if it's on the profile page delete the comment.
So heads up and don't click any link that you can't confirm it can be trusted.