Gamers Targeted via Steam

Next story


Gamers are under fire again! This time via cloned game pages on Steam which redirect to malware riddled download pages. Is nothing sacred?!

Steam, well-trod stomping ground for virtually every PC gamer, has played host to a rather nasty double cross.

Fake game pages were created in the ‘concepts’ section which posed as genuine games: they went the whole 9-yards, including screenshots, trailers, official names and descriptions.

Hopefully it doesn’t affect the reputation of the developers who got cloned, most were smaller indie studios but why are gamers such prime targets in the first place?

Prime Target

Mark James, ESET security specialist, explains that this kind of attack is fairly simple and quite difficult to prevent.

“It’s a very hard thing to protect against or stop fake websites from appearing, they are often identical to the original in every way and will send you off to a malware ridden site for downloads.

“Gamers are often targeted as they fall into a very favourable market for downloading games and demos for trying and testing purposes.

“If possible use HTTPS over HTTP and encourage your users to check for the extra protection.

“Using infected adverts is an easy way to get malware onto an otherwise clean site, if it’s a community or fan site then it could be simply a case of replacing good code with malicious code at source level.

“The chances are there Is no programmer or security expert checking to see if this has happened.

“Duplicating a website is easy these days but most organisations have measures in place to report and get those pages shut down fairly quickly.”

Tips and Tricks

Mark explains that a big pinch of common sense is required when perusing download websites for games, or for anything really.

As we’ve stated on many occasions the User is invariably the weakest link in the chain: if you spot a dodgy download website and avoid it then your AV never had to fight off the infection in the first place.

Obviously this isn’t the case in every eventuality and you should have up-to-date AV (why not try ESET), up-to-date OS and other programs, but it’s a good stable security foundation.

“Always be weary when downloading free software from fan sites or similar, we like to think that it’s a trustworthy source but we can’t always tell these days.

“Always read the comments, they are a great source of information but if none are found or they seem very vague they may be fake as well.

“It’s a minefield and to be brutally truthful you have to use common sense and trust your judgement when downloading files or following links.

“Make sure your antivirus is up to date and from a trusted source, use a good secure browser and scan the downloaded file after it has been downloaded even IF your AV has already scanned it while downloading.”

Join the ESET UK LinkedIn Group and stay up to date with the blog.

Have you ever been caught out by a clone website?