Steam Used (Again) To Trick Gamers Into Installing Malware

For the second time in two months, a hacker has used Steam to circulate malware to unsuspecting gamers. This time, the attack arrived through a demo for a game called “Sniper: Phantom’s Resolution.”

The game advertised itself as an action-packed first-person shooter that was slated to release in this year’s second quarter. But earlier this week, a Reddit user warned that the game’s demo appeared to be a computer virus.

To avoid detection, the hacker didn’t circulate the malicious demo on Steam directly. Instead, the game’s Steam page featured a link to the developer’s external website, sierrasixstudios.dev, which contained another link to download the demo from a file-sharing site. 

The Steam page for the game and the link to the external page. (Valve’s Steam)

An archived view of the external page hosting the malicious demo. (Wayback Machine)

To lure gamers into installing the demo, the Reddit user “FERAL_WASP” noted that they learned about Sniper: Phantom’s Resolution through a random direct message on the Discord chat platform. A further analysis of the demo shows it can intercept a PC’s network traffic and steal cookies from an internet browser to break into the victim’s online accounts. 

Steam’s owner, Valve, didn’t immediately respond to a request for comment. But the Steam page for Sniper: Phantom’s Resolution has since been taken down. 

The incident occurs a month after a separate game called “PirateFi” was released on Steam and able to circulate malware directly to users on the platform. How PirateFi evaded Steam’s safeguards remains unclear. But to promote the game, the hacker used a bot on Telegram to advertise a paid position to gamers to act as a chat moderator for PirateFi. 

While PirateFi was a fake game, evidence is emerging that Sniper: Phantom’s Resolution might be a real FPS shooter under development from a team called Sierra Six Studios. 

“Our team has fallen victim to a scam where someone purchased a domain in our name and set up a repository with a downloadable game that was fraudulent and contained malware,” wrote a Sierra Six Studios representative named “Andrew.” 

In a Reddit post, Andrew added: “We named our developer account sierrasixstudios.dev because we planned to create a website if the game gained attention from players. However, we hadn’t purchased the domain yet, as it wasn’t a priority at the time. Unfortunately, someone scraped the name, registered the domain, and used it for malicious purposes.”

Andrew’s post also indicates the Steam page for Sniper: Phantom’s Resolution was legitimate. The problem is it featured a link to sierrasixstudios.dev, which the team had yet to register the domain for. As a result, a hacker was able to swoop in, buy the domain, and host malware over a look-alike site. 

“​​This was a major oversight on our part. We’ve since changed the developer account name to prevent further confusion. Honestly, if we hadn’t added ‘.dev’ at all, this situation might have been avoided, as there would have been no direct link to us,” Andrew added.

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.

About Michael Kan

Senior Reporter

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.

Read Michael’s full bio

Read the latest from Michael Kan