It looks like tricking folks who are not too savvy with the Internet and the Internet of Things happen to be a favorite action by cyber criminals, where innocent people have been duped into being “agents” when it comes to spreading malware. For instance, we have heard about a fake “The Interview” movie downloader app that has already made its way around, and it looks like Steam is also part of the action too. Apparently, Steam’s chat service is being used to push out messages that look innocent enough, where the ultimate motive is to infecting the receiver’s computer.
According to security blogger Graham Cluley, Steam chat is being the current source for malware dissemination. How does it “work”, so to speak? A user will be on the receiving end of a message that contains “WTF?????”, where it will be accompanied by a link for the receiver to click on, which looks like an innocent JPEG file. In reality, it carries a .SCR Windows executable file, which holds malicious code which will be used to infiltrate the recipient’s computer.
Basically, if you receive such a message, chances are one of your contacts has been infected – and it would be wise not to click on the link at all. Cluley blogged about it, saying, “The problem of malicious .SCR files spreading across the Steam network is sadly not a new one. For instance, back in September researchers at MalwareBytes warned of the threat.”