Comments (13)
HEXEN 8 points ago +8 / -0

Good thing I just play games and don't give a fuck about anything else on that platform.

Steam keeps trying for more community shit. Flashing avatars, flashing borders, moving backgrounds, etc.

Just leave it be, Valve. We come for the games, not a social media platform.

deleted 0 points ago +1 / -1
MetallicBioMeat 1 point ago +1 / -0

Creating booster packs.

deleted 1 point ago +1 / -0
MetallicBioMeat 1 point ago +1 / -0

Pack of steam cards, used in crafting badges.

AntonZap 6 points ago +6 / -0

Reminder to anyone reading that they shouldn't run full administrator rights on their account at all times; I've seen people do it because they find the pop-ups annoying.

Hiding malware in metadata ain't nothing new, and I would have imagined that Valve was sanitizing user uploads, but it seems like this one slipped through their checks.

MetallicBioMeat 6 points ago +6 / -0

Might be reading this wrongly, but it seems like Steam is only used as a host for compromised files that need a compromised system to execute; what this does is just bypass some filters.

The Steam profile image is neither infectious nor executable. It serves as carrier for the actual malware[2]. It needs a second malware[1] to be extracted.

AntonZap 3 points ago +3 / -0

I haven't looked deeply into this case specifically, but what happens in most cases I've seen is that a payload (in short, a small series of instructions) is embedded into a file's metadata in a way so that when the host system reads said metadata it also executes the payload's code. To avoid triggering a superficial heuristic scan, the payload's only function tends to be to make a call to an external server which hosts the actual malicious code. If you are running on admin rights then it becomes trivial for said malicious code to make its way into your system.

Images aren't the only thing used for this kind of trick, I've seen the same done with fonts and videos, and every time someone falls for them it's because they are running outdated systems or they have administrator rights on their account.

MetallicBioMeat 4 points ago +4 / -0

Sure, that is the gist of how they usually work, but that still requires whatever process opens the file to read the code and execute it. At the moment, however, it does not seem to use any exploit in Steam's web interpreter/browser nor any known exploit in other web browsers, thus it is inert and requires a compromised system; at least that is my understanding from the referenced article where I got the quote from:

This second malware sample[1] is a downloader. It has the hardcoded password "{PjlD\bzxS#;[email protected]\x.3JT&<4^MsTqE0" and uses TripleDES to decrypt the payload from the image.

AntonZap 2 points ago +2 / -0

Interesting. After reading the article that was quoted, it seems like you are right: another malware is needed to decrypt the payload in an image. It doesn't even need to be the same image; said image downloader could point to another image with a different payload to execute an updated version of the malware.

So using Steam or not is unrelated to getting infected at the end of the day; the people behind it are just using their servers to distribute the images with the payloads. What remains to be seen is how the image downloader is getting distributed in the first place.

mr_keylime [S] 4 points ago +4 / -0

From the article:

The malware downloader is hiding in the Steam profile image’s metadata, specifically in the International Color Consortium (ICC) profile, a standardized set of data to control color output for printing. Attackers hide their malware in benign images commonly shared online, including memes like “blinking white guy” used in the G Data analysis example.

Once executed, the malware terminates any security protections and checks for administration rights, the researchers found, then copies itself to “LOCALAPPDATA” folder and persists by creating a key in a registry that G Data identified as “\Software\Microsoft\Windows\CurrentVersion\Run\BroMal”.
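A defender-side check that follows from the detail quoted above (the payload sits inside the ICC profile of a PNG profile image): walk the PNG chunk list, decompress the iCCP chunk, and compare the size the ICC header declares with how many bytes actually came out of zlib. This is an added example written in Python for this thread; it is not code from the article, from G Data, or from Valve, and it is a heuristic rather than the researchers' detection method. The 64 KiB size threshold and the 1x1 sample PNG built by `build_sample_png` are constructed here for illustration.

```python
"""Inspect a PNG's iCCP chunk and flag ICC profiles that carry extra bytes.

Added example (not from the article). Heuristics: a profile whose zlib output
is longer than the size its own header declares, a profile missing the 'acsp'
signature, an oversized profile, or more than one iCCP chunk.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
ICC_HEADER_LEN = 128          # the ICC profile header is always 128 bytes
MAX_SANE_PROFILE = 64 * 1024  # assumption for this example: larger profiles deserve a look


def iter_chunks(png):
    """Yield (type, body) for each chunk, verifying every CRC as we go."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        if pos + 12 + length > len(png):
            raise ValueError("truncated chunk")
        body = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", png[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            raise ValueError(f"CRC mismatch in {ctype.decode('latin-1')} chunk")
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            break


def parse_iccp(body):
    """Split an iCCP chunk into (profile name, decompressed ICC profile bytes)."""
    name, sep, rest = body.partition(b"\x00")
    if not sep or len(rest) < 2:
        raise ValueError("malformed iCCP chunk")
    if rest[0] != 0:  # 0 (deflate) is the only compression method PNG defines
        raise ValueError(f"unknown iCCP compression method {rest[0]}")
    return name.decode("latin-1"), zlib.decompress(rest[1:])


def inspect_profile(profile):
    """Compare the ICC header's declared size with what actually came out of zlib."""
    if len(profile) < ICC_HEADER_LEN:
        return {"declared_size": None, "actual_size": len(profile),
                "acsp": False, "trailing_bytes": 0}
    (declared,) = struct.unpack(">I", profile[:4])   # bytes 0-3: profile size
    return {
        "declared_size": declared,
        "actual_size": len(profile),
        "acsp": profile[36:40] == b"acsp",            # bytes 36-39: magic
        "trailing_bytes": max(0, len(profile) - declared),
    }


def analyze_png(png):
    """Return (info for the first iCCP chunk or None, list of findings)."""
    findings, info, seen = [], None, 0
    for ctype, body in iter_chunks(png):
        if ctype != b"iCCP":
            continue
        seen += 1
        if seen > 1:
            findings.append("more than one iCCP chunk (PNG allows at most one)")
            continue
        name, profile = parse_iccp(body)
        info = inspect_profile(profile)
        info["name"] = name
        if not info["acsp"]:
            findings.append("ICC header lacks the 'acsp' signature")
        if info["trailing_bytes"]:
            findings.append(f"{info['trailing_bytes']} bytes beyond the declared profile size")
        if info["actual_size"] > MAX_SANE_PROFILE:
            findings.append(f"profile is {info['actual_size']} bytes, above {MAX_SANE_PROFILE}")
    return info, findings


def _chunk(ctype, body):
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF))


def build_sample_png(appended=b""):
    """Constructed 1x1 PNG with a minimal ICC header; `appended` bytes are placed
    after the declared profile size, standing in for a hidden blob."""
    header = bytearray(ICC_HEADER_LEN)
    header[0:4] = struct.pack(">I", ICC_HEADER_LEN)
    header[36:40] = b"acsp"
    iccp_body = b"sample\x00\x00" + zlib.compress(bytes(header) + appended)
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit RGB
    idat = zlib.compress(b"\x00\x00\x00\x00")          # filter byte + one pixel
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"iCCP", iccp_body)
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))


if __name__ == "__main__":
    for label, png in (("clean", build_sample_png()),
                       ("padded", build_sample_png(b"\x90" * 300))):
        info, findings = analyze_png(png)
        print(label, info, findings or "no findings")
```

Real-world profiles declare their full length (header plus tag table plus tag data), so a non-zero `trailing_bytes` is the strongest single signal here; the size threshold is coarse and will need tuning against the profiles your own users actually upload.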

julianReyes 3 points ago +3 / -0

People still go "I HAVE NOTHING TO HIDE" and let corporations rape and walk all over them because they are clueless about the techniques used to track and identify them.

ProdigalPlaneswalker 3 points ago +3 / -0

Feels like anti-meme propaganda.

Watch out! Those memes your friend sent you may contain malware!