Why Valve’s Steam has its own brand of Malware

Valve's Steam vulnerable



Computer games are a huge business, generating over a $100 billion in annual revenues. Most of this revenue is generated through online distribution and sales and the biggest provider here is Valve Corporation’s Steam platform. There are over 7,500 game titles available on the Steam platform with some 125 million active users.

Steam’s popularity has consequently led to the service being attacked by hackers. Account hijacking is an obvious problem for a gaming platform, with players wanting to get access to other players credentials. With time the monetary value of Steam-based virtual goods increased, after introducing Steam Trading the number of hijacked accounts skyrocketed, attracting hackers who are out for a fast buck. Hijackers can use the platform’s trading features to make money out of a user’s inventory. Valve reported that in 2015 around 77,000 accounts were hijacked every month.

Steam is well aware of this problem and did compensate affected users but, as they mention themselves, it is not the ideal solution:


Once an account was compromised, the items would be quickly cleaned out. They'd then be traded again and again, eventually being sold to an innocent user. Looking at their account activity, it wasn't too hard to figure out what happened, but undoing it was harder because we don't want to take things away from innocent users. We decided to err on the side of protecting them: we left the stolen goods, and we created duplicates on the original compromised account to replace them. We were fully aware of the tradeoff here. Duplicating the stolen items devalues all the other equivalent items in the economy. This might be fairly minor for common items, but for rare items this had the potential to significantly increase the number in existence.


A new Kapersky Lab report takes a closer look at Steam’s problem. Apparently Steam credentials are cheap to have, rights for a credential stealer start at $3 and for an extra $7 you get the source code and a user manual. The complete process is well documented opening the door for newbies and “script-kiddies” to take a shot at hacking.


Even though phishing and spear-phishing attacks are always popular among the most active social engineers in the dark corners of the Internet, a new breed of malware, known innocently as a “Steam Stealer” is the prime suspect in the pilfering of numerous user accounts from Valve’s flagship platform. Evolving bit-by-bit from a leaked source on a remote Russian forum, stealers took off once they were proven to be extremely profitable by criminals all around the globe. Available for sale in different versions, with distinct features, free upgrades, user manuals, custom advice for their distribution, and more, stealers have turned the threat landscape for the entertainment ecosystem into a devil’s playground.


With over 12 million concurrent users, Steam is attracting the attention of better organized and professional hacking gangs. The sheer number of accounts and the simplicity of cracking them has made it financially attractive for hackers to spend more time and energy on the Stream platform.

At the end of the report, Kapersky gives Steam users the following advice:

In terms of preventive measures, we recommend users familiarize themselves with Steam’s updates and new security features, and enable two-factor authentication via Steam Guard as a bare minimum. Bear in mind that propagation is mainly (but not solely) done either via fake cloned websites distributing the malware, or through a social engineering approach with direct messages to the victim. Always have your security solution up to date and never disable it; most products nowadays have a “gaming mode” which will let you enjoy your games without getting any notifications until you are done playing. We have listed all the options Steam offers users to protect their accounts. Remember that cybercriminals aim for numbers and if it’s too much trouble they’ll move on to the next target. Follow these simple recommendations and you will avoid becoming the low hanging fruit.


Stay safe.


Jae Nguyen

Jae travels around Europe a lot and has a passion for tech and cars. He has a fascination for AI and "Android"s.


The top antivirus programs for your iPhone

With the launch of new age smartphones, security risks have literally increased tenfold. Hackers and malware developers are doing their best to crack into your phone and mess it up or steal all the data. And with the new technologies being used in modern smartphones, this has become extremely easy. So today we will take a look at some of the top antivirus software you can use on your iPhone for better security. Read on to find out more. McAfee Mobile Security McAfee is considered as the perfect security tool for your iPhone if you want to keep nosy family members and friends away from the...

IoT, its future and its impact on our lives

A radical change in our lives brought about by the Internet of Things – An overview

How to get your business through stormy weather

Having your own business is very rewarding in many ways, but it comes with a price. When you run your own business, no matter how big or small, you are responsible for yourself and the people that you employ, there is no monthly paycheck unless you provide for it. That is why having a solid financial base is crucial to keep your business alive if or when the going gets rough. There are lots of reasons your income or turnover could slack, not the right season, the economy is slow, there is a new and better product on the market or even new competition. In most cases, if you play your cards...