The Australian government has issued a warning to all Steam users, following the outbreak of online malware using the social side of the gaming platform to send malicious messages to users. We’re used to seeing this sort of behaviour on other social networks, but this is the first time it’s caused such a stir on Valve‘s digital platform.
As we’ve seen on other services, the malware is simply executed: A message as basic as “WTF?????” is combined with a link to an external website, seemingly to an image. However, following the link downloads a screensaver that will infect your computer with malware when opened.
It’s important to note that this particular malware does not exploit any vulnerabilities within the Steam software or network, instead relying on people’s gullibility. After opening the infected screensaver, the malware will use your Steam account to send messages to your contact list, spreading the virus. It’s not clear at this time if the software does anything beyond self-propagation.
Obviously, the usual advice applies here: If you receive unusual-looking messages from your friends (or unknown contacts) via Steam or any other social networks, don’t click the link.
If you do attempt to view the linked image and your computer starts to download a file instead of what you expected, do not open the file. Run an antivirus over it – and if you have any doubts, delete the file rather than opening it. (Realistically, you’re best off deleting it anyway.)
The government advises:
If the malware infects your Steam service, it will use the chat function to send malicious links to your friends. If your friends alert you that your Steam chat is sending malicious links to them, you should run an antivirus product on your computer.
…if the antivirus does not find and remove the infection, you’re advised to seek “further technical advice”.
After the malware’s been removed from your PC, take the time to change your online passwords – particularly for your Steam account but also for online banking, email, or other important services you may use.