Valve Corporation has removed the game Sniper: Phantom's Resolution from its Steam platform after users reported that its demo installer deployed information-stealing malware on their systems. This is the second time in a month that a Steam title has been linked to malicious activity, raising questions about platform security and vetting processes.

Suspicious Title and Developer

Developed by Sierra Six Studios, Sniper: Phantom's Resolution was advertised as an early-access tactical shooter slated for release in early 2024. However, players grew wary when the game’s Steam page featured assets and descriptions seemingly plagiarized from other popular titles. Further red flags emerged when users were instructed to download the demo from an external GitHub repository instead of Steam—a deviation from standard platform protocols.

On Wednesday, Sierra Six Studios warned players to avoid third-party downloads, claiming external sources posed “security risks.” Ironically, even users who followed Steam’s official download link received the same malware-laden installer hosted on GitHub.

Malware Analysis

Reddit users and cybersecurity enthusiasts dissected the installer, revealing alarming findings. The file, named Windows Defender SmartScreen.exe—a title mimicking legitimate Microsoft software—contained multiple attack tools: a privilege escalation utility to gain administrative access, a Node.js wrapper to execute scripts discreetly, and Fiddler, a tool capable of intercepting web traffic and stealing cookies.

The malware also employed evasion tactics, such as rapidly terminating Node.js scripts to avoid detection. For persistence, it executed createShortcut.vbs, a script adding the malicious executable to the system’s startup tasks.

Developer’s Shadowy Footprint

Investigators traced the GitHub repository hosting the installer to an account named arda1337, which also hosts cryptocurrency tools and Telegram bot kits—common resources for cybercriminals. GitHub swiftly removed the repository after reports surfaced, and Valve followed suit by delisting the game on Thursday. The developer’s website, sierrasixstudios[.]dev, has since gone offline.

User Risks & Recommendations

Players who installed the demo are urged to:

1. Immediately uninstall the game.
2. Run full system scans using reputable antivirus software.
3. Monitor accounts for suspicious activity, as stolen cookies and data could enable identity theft or financial fraud.

A Recurring Problem for Steam

This incident follows last month’s PirateFi controversy, where a game distributed the Vidar infostealer to 1,500 users. Despite Steam’s robust security infrastructure, critics argue that its open submission model allows bad actors to exploit gaps in pre-release vetting.

Industry Reactions

Cybersecurity firm MalwareBytes tweeted: “This case underscores how attackers weaponize gaming hype. Always verify downloads, even on trusted platforms.” Meanwhile, Valve has yet to issue a public statement on its review process.

Broader Implications

The incident highlights growing concerns about malware distribution via legitimate platforms. As cybercriminals increasingly target gamers—a demographic often granted high system permissions—experts advise vigilance and multi-layered security measures.