
Watch out, hacked Steam accounts used as an attack vector


A malware researcher discovered a Reddit user who is warning of hacked Steam accounts being used to spread a Remote Access Trojan (RAT).

This week the popular malware researcher Lawrence Abrams from Bleepingcomputer.com found a worrisome message on Reddit. The Reddit user with the moniker Haydaddict was warning of compromised Steam accounts spreading a Remote Access Trojan (RAT).

“Quinn Lobdell hacked on Steam. Please be aware if others try to send you sketchy links. Scrub Killa and Jessie affected as well.” reads the post.

The accounts were used to send chat messages containing links to videomeo.pw, inviting recipients to watch a video.


“When the target went to the page, they would be greeted with a message stating that they needed to update Flash Player in order to watch the video.” explained Lawrence Abrams in a blog post.


The trick is quite simple and leverages the user’s curiosity. When the victim downloads and executes the Flash Player installer, apparently nothing happens, but in reality the victim has opened their machine to the attacker.

The Flash Player installer executes a PowerShell script (zaga.ps1) that downloads a 7-zip archive, 7-zip extractor, and a CMD script from a remote server (http://zahr[.]pw).

The PowerShell script then launches the CMD file, which extracts the sharchivedmngr to the %AppData%\lappclimtfldr folder and configures Windows to automatically start an instance of the NetSupport Manager Remote Control Software, renamed as mcrtvclient.exe, when the victim logs in.

When the victim logs in to the infected machine, NetSupport Manager connects to the NetSupport gateway at leyv.pw:11678 and awaits commands. At this point the attacker has complete control over the victim’s machine.

“For those who are concerned they are infected with this Steam Trojan, I suggest they check the %AppData% folder for the specified folders.” suggests Lawrence Abrams as a way to check whether a system is compromised.
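A host check built from the indicators named in this article, as an added example that is not code from Bleepingcomputer or the Reddit post. The function name is hypothetical, and because the article does not say which autostart mechanism is configured, the script assumes the common Run keys and the Startup folder.

```powershell
# Added example: looks for the indicators named in the article on the local host.
# Assumption: the article does not name the autostart mechanism, so the usual
# Run keys and the per-user Startup folder are inspected (name match is heuristic).
function Find-SteamRatIndicators {
    param(
        [string]$FolderName = 'lappclimtfldr',     # folder under %AppData% (from the article)
        [string]$BinaryName = 'mcrtvclient.exe',   # renamed NetSupport Manager client (from the article)
        [int]$GatewayPort   = 11678                # NetSupport gateway port (from the article)
    )
    $findings = New-Object System.Collections.Generic.List[object]
    $pattern  = [regex]::Escape($FolderName) + '|' + [regex]::Escape($BinaryName)

    # 1. Dropped folder and any copy of the renamed client beneath it
    $folder = Join-Path $env:APPDATA $FolderName
    if (Test-Path -LiteralPath $folder) {
        $findings.Add([pscustomobject]@{ Type = 'Folder'; Detail = $folder })
        Get-ChildItem -LiteralPath $folder -Recurse -Filter $BinaryName -File -ErrorAction SilentlyContinue |
            ForEach-Object { $findings.Add([pscustomobject]@{ Type = 'File'; Detail = $_.FullName }) }
    }

    # 2. Run-key values that point at the folder or binary
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match $pattern) {
                $findings.Add([pscustomobject]@{ Type = 'RunKey'; Detail = "$key\$($p.Name) = $($p.Value)" })
            }
        }
    }

    # 3. Startup-folder entries named after the folder or binary
    Get-ChildItem -LiteralPath ([Environment]::GetFolderPath('Startup')) -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object { $findings.Add([pscustomobject]@{ Type = 'Startup'; Detail = $_.FullName }) }

    # 4. Running process with the renamed client's name
    Get-Process -Name ([IO.Path]::GetFileNameWithoutExtension($BinaryName)) -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add([pscustomobject]@{ Type = 'Process'; Detail = "PID $($_.Id) $($_.Path)" }) }

    # 5. TCP sessions whose remote port is the gateway port
    Get-NetTCPConnection -RemotePort $GatewayPort -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add([pscustomobject]@{ Type = 'Connection'; Detail = "$($_.RemoteAddress):$($_.RemotePort) PID $($_.OwningProcess)" }) }
    return $findings
}

Find-SteamRatIndicators | Format-Table -AutoSize
```

An empty result only means these specific names and this port were not found on the host; run it in the affected user's session, since %AppData% and the HKCU Run key are per user.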

Be careful every time you visit a link, and make sure you have up-to-date defense solutions installed.


Pierluigi Paganini

(Security Affairs – Hacked Steam accounts, malware)