New Steam escrow system drives impatient users to fake trading sites serving malware

On Wednesday, Valve introduced a new “trade hold” system that should prevent scammers from stealing items from Steam users’ hijacked accounts, or at least minimize the occurrence of such incidents.

“Account theft has been around since Steam began, but with the introduction of Steam Trading, the problem has increased twenty-fold as the number one complaint from our users,” the company noted. “Enough money now moves around the system that stealing virtual Steam goods has become a real business for skilled hackers. We see around 77,000 accounts hijacked and pillaged each month.”

The new system does not present a problem for users who employ two-factor authentication by way of the Steam Guard Mobile Authenticator.

“Anyone using the Steam Guard Mobile Authenticator to confirm trades is able to continue trading as always. Users who haven’t enabled it, or can’t, can still trade, but they’ll have to wait up to 3 days for the trade to go through,” the company explained. “This gives both Steam and users the time to discover their accounts have been hacked and recover it before the hackers can steal their items.”

The system was, understandably, not welcomed by some users, and it didn’t take long for scammers to take advantage of this discontent.

“We recently found a fake domain for CSGO Shuffle, a popular betting site for streamers and players of Counter-Strike: Global Offensive (CS:GO) to trade item skins,” shared Malwarebytes’ Jovi Umawing. “Take note that instead of taking on the current look of the Shuffle site, it has taken on the guise of Steam’s trading window.”

The fake site promises that any transaction will be executed immediately, but in order to do that, the user is urged to run an application dubbed Escrow.

Those who fall for the trick will download the Escrow.exe file from a Dropbox account, and if they are unlucky and their AV solution doesn’t detect the file as malicious, they will run it and get saddled with a backdoor Trojan.

This malicious site is located on csgoshuffle-trade[DOT]com, but it’s quite possible there are similar ones already online or soon will be, so Steam users are advised to be careful, and to remember that there is only one application that Steam users have to download: the Steam Mobile app.

“Any additional programs that users are encouraged to install onto their devices from unofficial third-party destination sites, such as the above, are highly suspect and must be avoided,” Umawing noted.
