Tuesday 4 October 2016

Hacked Steam Accounts Distributing Malware

Watch Out Gamers: Hacked Steam Accounts Distributing Malware

Lawrence Abrams from Bleeping Computer writes that if the unsuspecting user downloads this update and installs it, nothing will happen and the video still won’t be displayed, because the installer is actually malware. This Trojan immediately executes zaga.ps1, a PowerShell script that downloads a 7-zip archive, a CMD script and a 7-zip extractor from the zahr.pw server.

After downloading these files, the PowerShell script launches the CMD file first. This file extracts the sharchivedmngr to the %AppData%\lappclimtfldr folder. It also configures Windows to execute mcrtvclient.exe, which is a copy of the NetSupport Manager Remote Control Software, automatically when the user logs in. Upon launching, it connects with the NetSupport gateway at leyv.pw:11678, allowing the attacker to create a direct link with the infected computer remotely. The malware stays disabled until it receives commands from the C&C server.

To check if your computer is infected with the Steam Trojan, you can inspect the %AppData% folder for the presence of the folders mentioned above, states Abrams.
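The %AppData% check described above, extended to the other indicators this post names (the mcrtvclient.exe file, its logon autostart entry and port 11678), as an added PowerShell example that is not from the original article or from Bleeping Computer. The function name and output shape are assumptions; the indicator values are the ones given in the post.

```powershell
# Added example: host triage for the indicators named in this post.
# Indicator values come from the post; function name and output shape are illustrative.
function Find-SteamTrojanIndicator {
    param([string]$AppDataRoot = $env:APPDATA)

    $findings = New-Object 'System.Collections.Generic.List[object]'

    # 1. Extraction folder created by the CMD script under %AppData%
    $folder = Join-Path $AppDataRoot 'lappclimtfldr'
    if (Test-Path -LiteralPath $folder -PathType Container) {
        $findings.Add([pscustomobject]@{ Check = 'Folder'; Detail = $folder })
    }

    # 2. Renamed NetSupport Manager client anywhere under %AppData%
    Get-ChildItem -LiteralPath $AppDataRoot -Filter 'mcrtvclient.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings.Add([pscustomobject]@{ Check = 'File'; Detail = $_.FullName })
        }

    # 3. Logon autostart entries (Run keys and Startup folders) that reference the client
    Get-CimInstance -ClassName Win32_StartupCommand -ErrorAction SilentlyContinue |
        Where-Object { $_.Command -match 'mcrtvclient|lappclimtfldr' } |
        ForEach-Object {
            $findings.Add([pscustomobject]@{ Check = 'Autostart'; Detail = "$($_.Location) -> $($_.Command)" })
        }

    # 4. Client currently running
    Get-Process -Name 'mcrtvclient' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings.Add([pscustomobject]@{ Check = 'Process'; Detail = "PID $($_.Id) $($_.Path)" })
        }

    # 5. TCP connections to the gateway port (cmdlet needs Windows 8 / Server 2012 or later)
    if (Get-Command -Name Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        Get-NetTCPConnection -RemotePort 11678 -ErrorAction SilentlyContinue |
            ForEach-Object {
                $detail = "$($_.RemoteAddress):$($_.RemotePort) state=$($_.State) pid=$($_.OwningProcess)"
                $findings.Add([pscustomobject]@{ Check = 'Connection'; Detail = $detail })
            }
    }

    return $findings
}

Find-SteamTrojanIndicator | Format-Table -AutoSize -Wrap
```

An empty result only means none of these specific indicators were found under the current user's profile; run it once per user profile on a shared machine.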
 



