Steam Malware Game Infects 1,500+ PCs; Valve Axes Data Theft Demo

Valve pulls malware-laced Steam game after data theft risks, mass PC infections. Urgent scans advised.

22-Mar-2025

Valve Corporation has removed the game Sniper: Phantom's Resolution from its Steam platform after users reported that its demo installer deployed information-stealing malware on their systems. This is the second time in a month that a Steam title has been linked to malicious activity, raising questions about platform security and vetting processes.

Suspicious Title and Developer

Developed by Sierra Six Studios, Sniper: Phantom's Resolution was advertised as an early-access tactical shooter slated for release in early 2024. However, players grew wary when the game’s Steam page featured assets and descriptions seemingly plagiarized from other popular titles. Further red flags emerged when users were instructed to download the demo from an external GitHub repository instead of Steam—a deviation from standard platform protocols.

On Wednesday, Sierra Six Studios warned players to avoid third-party downloads, claiming external sources posed “security risks.” Ironically, even users who followed Steam’s official download link received the same malware-laden installer hosted on GitHub.

Malware Analysis

Reddit users and cybersecurity enthusiasts dissected the installer, revealing alarming findings. The file, named Windows Defender SmartScreen.exe—a title mimicking legitimate Microsoft software—contained multiple attack tools: a privilege escalation utility to gain administrative access, a Node.js wrapper to execute scripts discreetly, and Fiddler, a tool capable of intercepting web traffic and stealing cookies.

The malware also employed evasion tactics, such as rapidly terminating Node.js scripts to avoid detection. For persistence, it executed createShortcut.vbs, a script adding the malicious executable to the system’s startup tasks.

Developer’s Shadowy Footprint

Investigators traced the GitHub repository hosting the installer to an account named arda1337, which also hosts cryptocurrency tools and Telegram bot kits—common resources for cybercriminals. GitHub swiftly removed the repository after reports surfaced, and Valve followed suit by delisting the game on Thursday. The developer’s website, sierrasixstudios[.]dev, has since gone offline.

User Risks & Recommendations

Players who installed the demo are urged to:

  1. Immediately uninstall the game.
  2. Run full system scans using reputable antivirus software.
  3. Monitor accounts for suspicious activity, as stolen cookies and data could enable identity theft or financial fraud.
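Alongside these steps, the startup persistence described under Malware Analysis can be checked for directly. The PowerShell below is an added example, not code from the article or the researchers it cites; it assumes createShortcut.vbs places a shortcut in a Startup folder (the article only says "startup tasks") and also reads the Run registry keys.

```powershell
# Added example, read-only: it lists autostart entries and changes nothing.
# Assumption: createShortcut.vbs drops a .lnk in a Startup folder; the Run keys
# are read too because they are the other common per-user autostart location.
$suspectName = 'Windows Defender SmartScreen.exe'   # file name given in the article
$entries = @()

$shell = New-Object -ComObject WScript.Shell
foreach ($kind in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($kind)
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($file in Get-ChildItem -LiteralPath $dir -Filter *.lnk -File) {
        $lnk = $shell.CreateShortcut($file.FullName)   # opens the existing .lnk for reading
        $entries += [pscustomobject]@{
            Source  = $file.FullName
            Command = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
            Target  = $lnk.TargetPath
        }
    }
}

foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{
            Source = "$key\$name"; Command = [string]$item.GetValue($name); Target = $null
        }
    }
}

$findings = foreach ($e in $entries) {
    $reasons = @()
    if ($e.Command -like "*$suspectName*") { $reasons += 'matches the reported file name' }
    if ($e.Target -and (Test-Path -LiteralPath $e.Target -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $e.Target
        $byMicrosoft = $sig.Status -eq 'Valid' -and
                       $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation'
        # A Defender/SmartScreen-style name on a file Microsoft did not sign needs a closer look.
        if ($e.Target -match 'defender|smartscreen' -and -not $byMicrosoft) {
            $reasons += "Microsoft-style name, signature status: $($sig.Status)"
        }
    }
    if ($reasons) {
        [pscustomobject]@{ Source = $e.Source; Command = $e.Command; Why = $reasons -join '; ' }
    }
}
if ($findings) { $findings | Format-List } else { 'No matching autostart entries found.' }
```

An empty result only rules out these autostart locations; it does not replace the full scan in step 2.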

A Recurring Problem for Steam

This incident follows last month’s PirateFi controversy, where a game distributed the Vidar infostealer to 1,500 users. Despite Steam’s robust security infrastructure, critics argue that its open submission model allows bad actors to exploit gaps in pre-release vetting.

Industry Reactions

Cybersecurity firm Malwarebytes tweeted: “This case underscores how attackers weaponize gaming hype. Always verify downloads, even on trusted platforms.” Meanwhile, Valve has yet to issue a public statement on its review process.

Broader Implications

The incident highlights growing concerns about malware distribution via legitimate platforms. As cybercriminals increasingly target gamers—a demographic often granted high system permissions—experts advise vigilance and multi-layered security measures.