Ethical Hacking News
Steam pulls "Sniper: Phantom's Resolution" game demo due to malware concerns. The latest example highlights the importance of using official platforms for software distribution and vigilance in protecting against information-stealing threats.
Steam removed its latest game title "Sniper: Phantom's Resolution" from the market due to reports of malware infection. The game was marketed as an early preview, but users who installed the demo via Steam were infected with information-stealing malware. Similar tactics were used by previous malicious actors, including a game that utilized Vidar infostealing malware last month. Users reported suspicious behavior, such as assets being copied from other titles and prompts to download an external installer. The malicious installer contained commodity attack tools and Node.js scripts designed to evade detection. The developer's website was taken offline, and GitHub removed the game's repository after reports of malware. Users who installed the game are advised to uninstall and run a full system scan to remove remaining malicious files.
Steam, one of the largest digital distribution platforms for PC games, has recently pulled its latest game title, "Sniper: Phantom's Resolution," from the market following a series of alarming reports by users who claimed that installing the game demo via Steam had infected their computers with information-stealing malware.
Released on Steam under the developer name 'Sierra Six Studios', "Sniper: Phantom's Resolution" was marketed as an early preview of the full title, which was scheduled to be released in the coming months. This episode comes only a month after Steam hosted another game, titled "PirateFi," that utilized the Vidar infostealing malware, and this latest example mirrors the tactics used by previous malicious actors.
The first warning came from the developers of the title themselves. On Wednesday, they urged users to be cautious when downloading the full version of the game from third-party websites or links outside the Steam platform due to potential security risks. However, installing the demo through Steam also came with unexpected dangers.
Users who installed the game noticed that assets and descriptions had been copied from other titles. Furthermore, they were prompted to download the demo installer from an external GitHub repository instead of using the official Steam version. The suspicious title on Steam was reported by multiple users to be hosted in an Internet Archive link titled "Source: Internet Archive".
Reddit users who analyzed the malicious installer file found that it was named 'Windows Defender SmartScreen.exe' and contained commodity attack tools such as a privilege escalation utility, a Node.js wrapper, and the tool 'Fiddler', which could intercept cookies. The malware also executes a series of Node.js scripts and kills them quickly to evade detection, and runs a script named 'createShortcut.vbs' that establishes persistence by adding a startup task for the executable.
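The behaviors reported above can be turned into simple triage rules over process-creation logs. The following is an added example, not code from the original article or from any of the parties it names; the event records, user name, paths, watch list and thresholds are constructed assumptions.

```python
import ntpath
from collections import namedtuple

# Constructed process events (not from the incident): start/end in seconds.
Proc = namedtuple("Proc", "start end image cmdline")
SAMPLE = [
    Proc(0, 900, r"C:\Users\kim\Downloads\Windows Defender SmartScreen.exe", ""),
    Proc(2, 3, r"C:\Users\kim\AppData\Local\Temp\pkg\node.exe", "node.exe a.js"),
    Proc(4, 5, r"C:\Users\kim\AppData\Local\Temp\pkg\node.exe", "node.exe b.js"),
    Proc(6, 7, r"C:\Users\kim\AppData\Local\Temp\pkg\node.exe", "node.exe c.js"),
    Proc(8, 9, r"C:\Windows\System32\wscript.exe",
         r'wscript.exe "C:\Users\kim\AppData\Local\Temp\pkg\createShortcut.vbs"'),
    Proc(20, 4000, r"C:\Windows\System32\smartscreen.exe", ""),  # genuine binary
    Proc(30, 600, r"C:\Program Files\nodejs\node.exe", "node.exe server.js"),
]

TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SECURITY_NAMES = ("windows defender", "smartscreen")   # assumed watch list
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")
SHORT_LIVED, BURST_COUNT, BURST_WINDOW = 5, 3, 60      # assumed thresholds (s, n, s)

def triage(procs):
    """Return a sorted list of (rule, detail) findings for a list of Proc events."""
    findings, short_node = set(), []
    for p in procs:
        path, cmd = p.image.lower(), p.cmdline.lower()
        name = ntpath.basename(path)
        # Rule 1: binary named after a security feature but outside system dirs.
        if any(s in name for s in SECURITY_NAMES) and not path.startswith(TRUSTED_ROOTS):
            findings.add(("masquerade", p.image))
        # Rule 2: script host running a .vbs from a user-writable directory.
        if name in ("wscript.exe", "cscript.exe") and ".vbs" in cmd \
                and any(d in cmd for d in USER_WRITABLE):
            findings.add(("vbs-from-user-dir", p.cmdline))
        # Collect node.exe runs that exit within SHORT_LIVED seconds.
        if name == "node.exe" and p.end - p.start <= SHORT_LIVED:
            short_node.append(p.start)
    # Rule 3: BURST_COUNT short-lived node.exe runs inside BURST_WINDOW seconds.
    short_node.sort()
    for i in range(len(short_node) - BURST_COUNT + 1):
        if short_node[i + BURST_COUNT - 1] - short_node[i] <= BURST_WINDOW:
            findings.add(("node-burst", f"{BURST_COUNT} short-lived node.exe runs"))
            break
    return sorted(findings)

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule}: {detail}")
```

The genuine `smartscreen.exe` under `C:\Windows\System32` and the long-running `node.exe` under `C:\Program Files` in the sample produce no findings, which is the false-positive case the path and lifetime checks are there to handle.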
Another indication that "Sniper: Phantom's Resolution" was indeed malicious is the presence of crypto tools and Telegram bot toolkits on the developer profile on GitHub, 'arda1337'. GitHub quickly removed the malicious repository following user reports. Valve also deleted the game from Steam shortly after the same reports.
Following all these events, the developer's website at 'sierrasixstudios[.]dev' has been taken offline. For users who installed the game and are now faced with infected computers due to the malware, BleepingComputer advises uninstalling the title and running a full system scan to remove any remaining malicious files.
This particular incident highlights the ever-present risks associated with downloading software from third-party sources rather than directly from legitimate platforms such as Steam. It also brings into focus the need for constant vigilance and awareness about potential threats lurking in the digital world.
For security-conscious individuals, staying informed about recent vulnerabilities and taking proactive steps to secure their systems is key to minimizing exposure to these types of risks.
Related Information:
https://www.ethicalhackingnews.com/articles/Malware-Alert-Steams-Sniper-Phantoms-Resolution-Game-Demo-Infected-Windows-Users-with-Info-Stealing-Malware-ehn.shtml
https://www.bleepingcomputer.com/news/security/steam-pulls-game-demo-infecting-windows-with-info-stealing-malware/
Published: Fri Mar 21 10:12:37 2025 by llama3.2 3B Q4_K_M