A brand new Steam spam campaign shows that, because of password reuse, the latest mega breaches put our Internet security at risk every day.
Over the past week, Steam gamers have been warning each other about a new spam campaign that tries to send them to a website where they download malware onto their computers. Once downloaded, the malware lets cyber criminals take control of their machines.
The new spam campaign begins with a hacker taking over a legitimate Steam account. Currently, this is possible thanks to the large number of data breaches disclosed this year, many of which included cleartext passwords.
If Steam gamers haven’t turned on two-factor authentication for their Steam accounts and have reused the same password on multiple websites, the attackers can gain control of their accounts and then use this newly found access to spam their friends with malicious links.
Because the messages are sent from a legitimate source, most PC users will open the link. In the latest spam campaign, the link leads to a website supposedly hosting a video of recorded CS:GO gameplay, for which the user needs to install Flash Player. Unfortunately, this is just a trick to lure users into downloading a malware-laced file.
Lawrence Abrams from Bleeping Computer says that in this particular case, users downloaded an executable that ran a PowerShell script, which installed the so-called NetSupport Manager Remote Control Software.
NetSupport is a legitimate software package, similar to TeamViewer, that allows users to connect to remote computers. In the described case, the NetSupport package came pre-configured to connect back to the crook’s server. The hacker just had to authenticate on the server to take control of the latest victims’ computers.
Lawrence Abrams advises Steam gamers to check their PCs for the presence of the %AppData%\lappclimtfldr folder. If they find it, they’re probably infected with malware.
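
The folder check described above can be run across every user profile on a shared PC rather than only the current one. The PowerShell below is an added example, not code from Bleeping Computer or from this article; the function name is hypothetical, and it assumes the folder sits directly under each profile's roaming AppData directory.

```powershell
# Added example: sweep all local user profiles for the folder named in the article.
# Run from an elevated prompt so other users' profiles are readable.
$folderName = 'lappclimtfldr'   # folder name taken from the article

function Find-SuspectFolder {   # hypothetical helper name
    param([string]$Name = $folderName)

    # Win32_UserProfile lists every profile on the machine; skip system/service ones.
    $profiles = Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { -not $_.Special -and $_.LocalPath }

    foreach ($p in $profiles) {
        # Assumption: %AppData% resolves to <profile>\AppData\Roaming (the default).
        $candidate = Join-Path $p.LocalPath "AppData\Roaming\$Name"
        if (-not (Test-Path -LiteralPath $candidate -PathType Container)) { continue }

        # Inventory the contents (hidden files included) with hashes for later analysis.
        $files = @(Get-ChildItem -LiteralPath $candidate -Recurse -File -Force `
                     -ErrorAction SilentlyContinue | ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                   -ErrorAction SilentlyContinue
            [pscustomobject]@{
                File    = $_.FullName
                Created = $_.CreationTime
                SHA256  = $h.Hash   # empty if the file is locked or unreadable
            }
        })

        [pscustomobject]@{
            Folder  = $candidate
            Created = (Get-Item -LiteralPath $candidate -Force).CreationTime
            Files   = $files
        }
    }
}

$hits = @(Find-SuspectFolder)
if ($hits.Count -eq 0) {
    Write-Output "No '$folderName' folder found in any local profile."
} else {
    foreach ($hit in $hits) {
        Write-Warning "Found $($hit.Folder) (created $($hit.Created)); this PC is probably infected."
        $hit.Files | Format-Table -AutoSize -Wrap
    }
}
```

The folder's creation time gives a rough date for when the fake Flash Player installer was run, which helps narrow down which Steam message delivered the link.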