Fake “Steam Cracker” steals user credentials

Users of Valve’s Steam game platform are once again targeted by malware peddlers, and this time the lure is a “Steam Cracker”.

The cracker is being offered on YouTube and on a variety of gamer forums, and supposedly it gives the users access to all the games for free:

The individuals behind the scheme offer simple instructions for installing the software: disable your antivirus software and firewall, then replace the original steam.exe file with the downloaded, cracked one.

“The file in question is a fake Steam client, which uses aspects of the real thing but just falls short of being 100% convincing (file size, file and of course the fact that this file isn’t digitally signed unlike the real Steam executable),” points out GFI’s Chris Boyd.

If the user runs Windows Vista or later versions of the platform, the file runs and shows the fake client that looks rather legitimate.

The creators have even included the legitimate store.steampowered.com pages inside the user interface and links to the genuine Playstation Network ID login page, says Boyd, but warns that even though the phishing of credentials isn’t so obvious, it doesn’t mean that the users’ login credentials are safe.

“The fake Steam client wants the serials of games galore along with more general programs such as design packages, movie players, system defraggers, code tweakers, iPod converters-¦” he explains. To do that, the malware employs keylogging.

Don't miss