Steam :: Steamworks Development :
https://steamcommunity.com/groups/steamworks/announcements/detail/3749866608167579206

Beware of Steam malware - Valve upgrades security following threats, here's what we know
https://news.yahoo.com/beware-steam-malware-valve-upgrades-205102881.html


Simon Carless on X: "Wondering why Steam devs will have to confirm via SMS before publishing new game versions or adding users? (img url link.) Looks like it's related to hackers taking over Steam dev accounts & adding malware to game builds. (Screenshot via @SteamDB from Sept. 2023.)" / X
https://twitter.com/simoncarless/status/1711841332124336520


[Scan!]
Cyber Security Software & Anti-Malware | Malwarebytes
https://www.malwarebytes.com/
[Discussion Post URL SCAN!]
VirusTotal
https://www.virustotal.com/gui/home/url


[What's the real story?]
In a very limited environment, there may be people who have received something temporarily bad in their hands.

Remember to do a security scan just in case.

 Lately, people have been planting malware and viruses in images and forwarded URLs.
 Please consider multiplying your security measures.


🤔I have an idea of many disturbing things, but I can't tell people right now.
Be alert and be careful.
I can say this.

1 year ago

Comment has been collapsed.

Do you run some sort of security scan once daily?

View Results
YES!
NO!
🥔
Multiple measures are in operation in real time. It is absolutely critical to protect 🥒!!

A post concerning security and you post a news article via Yahoo News, one of the most malware-infested news aggregators, re-reported via TechRadar, one of the most ad-infested re-re-reporter outlets. Nice.

Here's the PCGamer article they're re-reporting: https://www.pcgamer.com/steam-malware-attack-new-security/
Fewer than 100 Steam users were confirmed to have the affected "games" installed, and by the name of one confirmed title, it's mostly shovelware accounts that are being targeted. Valve is being proactive and shoring up security before it becomes a more widespread issue. This sounds more like a win for Valve rather than a call of "Malware for Everyone".

1 year ago
Permalink

Comment has been collapsed.

, one of the most ad-infested re-re-reporter outlets. Nice.

Ha ha. I think you're generally right.
The public only wants to open such places. It's sad. ...... I personally don't like Yahoo, although I don't mind largely because they don't show ads to me.

Well, let's consider that things are just the tip of the iceberg and take precautions.

1 year ago
Permalink

Comment has been collapsed.

I guess more people are interested into the game right away, so I just add the link to the mentioned game: https://store.steampowered.com/app/2215190/NanoWar_Cells_VS_Virus/.
While it's surely not a masterpiece, page and reviews make it appear like a proper indie game and not shovelware. The dev's announcement "The game is totally safe" doesn't mention the hack and malware part, but at least they explained more about it in this discussion posting: https://steamcommunity.com/app/2215190/discussions/0/3823046931423289702/#c5643629075665268140.

Good thing that F2P games don't need to be installed anymore to keep them, otherwise surely more people would have had it installed at that time.

1 year ago
Permalink

Comment has been collapsed.

Yep. Yahoo is mostly AI junk written from other websites that actually do some work. I'm surprised anyone uses it anymore. I only hold onto my old yahoo email cause it's good for junk

1 year ago
Permalink

Comment has been collapsed.

If people are looking for a first line of defense, Bitdefender Free is one of the best on the market. It's active protection 24/7, it's extremely easy to use, and very novice friendly. https://www.bitdefender.com/solutions/free.html

If you can afford the upgrade from the Free version to the Total Security version it's worth it.

No program is going to be 100% effective in stopping everything so having something like Malwarebytes free stand alone scanner is great at detecting things that may have gotten through your activate protection. Link is in the OP.

1 year ago*
Permalink

Comment has been collapsed.

Yes, it is a good option if you can pay for it.(*p'Θ'q)♪

1 year ago
Permalink

Comment has been collapsed.

Bitdefender Free is a good option too, it just doesn't have all the things offered with Bitdefender Total Security. It's a lot easier to use Bitdefender Free as well.

1 year ago
Permalink

Comment has been collapsed.

Avast Free is (again) a decent AV, and also has RealTime Protection, complete with a Do Not Disturb mode for streamers.

1 year ago
Permalink

Comment has been collapsed.

Every time you see someone say my antivirus found a virus in your game they are using either Avast or AVG. They are the worst with false positives at least the most used ones.

1 year ago
Permalink

Comment has been collapsed.

Yeah... no. I mean, it does work as an antivirus, but it has a ton of fake positives, literal ads and takes up a ton of resources (at least the last time I had the pleasure of seeing it in action).
Windows Defender is included in Windows and it works just as fine if not even better...

1 year ago
Permalink

Comment has been collapsed.

Windows Defender is included in Windows and it works just as fine if not even better...

+

1 year ago
Permalink

Comment has been collapsed.

Good thing most people don't play any of the games in their Steam library. ;)

1 year ago
Permalink

Comment has been collapsed.

View attached image.
1 year ago
Permalink

Comment has been collapsed.

View attached image.
1 year ago
Permalink

Comment has been collapsed.

So glad at least here there's no clickbait sensationalist title that end up being bs. /s

1 year ago
Permalink

Comment has been collapsed.

Well, security-related tends to have a bit of an exaggerated title.😁
I have even witnessed something like this recently.
📝
🙄
The gaming community appears to be a constant target for those seeking to spread and exploit viruses and malware.
Malware and viruses seem to be spreading using people who have something to tell, right or wrong, as a springboard.

Do you run some sort of security scan once daily?
NO!53(59%)
🥔17(19%)
YES!10(11%)
Multiple measures are in operation in real time. It is absolutely critical to protect 🥒!!
10(11%)
(about 3 hours.)

That's a very large number of "no's" compared to my distant and uncertain memory of past statistics.
I'm hoping the vote is a BOT or a joke, since Windows doesn't automatically protect us.

1 year ago
Permalink

Comment has been collapsed.

Those NO's might not have a dedicated AV, but they still run M$ Defender in the background probably, which improved significantly since the times of it's early beginnings and is a decent protection today.

1 year ago
Permalink

Comment has been collapsed.

🙄…That was generally true around 2020.
I don't think that's going to be the case for a bit now.
Even yesterday, Bandai (the Gundam company) is suspected of leaking all the CAD data for their plastic models.

https://twitter.com/GOMAS2YU1/status/1714862851452756054
machine translation
"Like the recent bank incident, this really shows the sloppiness and vulnerability of Japan's current system construction and security management. CAD data that can make Gunpla from the just released Gundam Metaverse has been leaked, and Bandai's intellectual property has become free material...

 First, the contributor's tweet is a sarcastic expression and not rights-free.
It seems that the person who extracted the data was not from within Japan, but from overseas.
It is a nightmare to imagine a situation where a game you developed is sold to others as someone else's work.

1 year ago
Permalink

Comment has been collapsed.

Nah, listen to NB.
MS Defender running in the background, running Malware Bytes free version once a month and common sense (paired with "Stop the FOMO!") keeps the general user safe.

The general user won't get hacked, we're all not interesting enough for that.

1 year ago
Permalink

Comment has been collapsed.

The posted page in question, and the URL containing them, was posted on SteamGifts, which is a real threat, and that the page containing the latest malware and virus was posted.
 And the fact that there have been reports of them being exploited and used in attacks against Ukraine makes it impossible to say that they are safe.🔎🦠

 Well, to the extent that you don't open strange links or images or try to open suspicious game files.
 I would like to think too that someone with years of internet experience would not open them as a matter of course, and I would like to think it's okay.😁

 There are people out there who will try to disable all security measures, claiming that they are trying to get the best speed out of their games, so I would hope that they would take this opportunity to pay attention to that.😭

1 year ago
Permalink

Comment has been collapsed.

I'm not saying that there aren't threats out there. I wholeheartedly agree with you regarding this matter.

I'm just saying that the general user is safe if he uses MS Defender (because this program has gotten very, VERY good), an occasional check for Malware on all his devices once a month and a use of common sense, aka you don't click every link that promises you free stuff or without using your brain (oh, a parcel, but I didn't order anything, well, who cares, click the link) or without checking the target URL of any link within an email or a PM or everything else BEFORE clicking the link.

You don't need any additional antivirus software if you follow those basic rules.

I'm just tired of people crying "Oh, I'm HACKED" whenever they themselves are to blame because they use a device without knowing what the hell they are doing.

1 year ago*
Permalink

Comment has been collapsed.

Well, how do you tell me to be prepared if I can't just get the email or how do you tell me to be prepared? Sometimes it is not enough just to receive an email.
It seems that there are some humans who do troublesome things, such as making a page look like a forwarding link to just a news source instead of a free product.

If possible, increase the number of scans to once a week instead of once a month after checking for "virus definition updates".
These do not seem to be peaceful times.

Personally, though, I'd like to see you check with other security software.
Your own actions are respected.

I'm just tired of people crying "Oh, I'm HACKED" whenever they themselves are to blame because they use a device without knowing what the hell they are doing.

Things always have a cause, and if people haven't gone the extra mile for the most part, there are logs....

When I look at the logs of a certain human being's computer and see something that makes me want to scream that no matter how you look at it, it's your self-destruction...
I am worried that the use of the PC&internet will become a licensing system.😅

1 year ago
Permalink

Comment has been collapsed.

Personally, though, I'd like to see you check with other security software. Your own actions are respected.

Are you talking to me specifically?
If you do, see, I come from the IT-world and in addition I also use https://www.peerblock.com/ and https://www.iblocklist.com/, at the moment blocking 2.185.178.034 IP-addresses from accessing my PC and vice versa. Lists get updated roughly about twice per day.
This also isn't a 100% security guarantee, but I feel okay.

1 year ago*
Permalink

Comment has been collapsed.

Are you talking to me specifically?

No.
Most people scan with security software or do not have additional settings.
This statement is made in consideration of the fact that such people will read it.

https://www.peerblock.com/ and https://www.iblocklist.com/

But still, I don't see those two, although I know of similar services.... Thanks for the interesting info.✨


VirusTotal - URL - 7d5614040f5cc4286b4f6ab1f804cdc1ca91afe7bc24283c18c261b199aeb86d
https://www.virustotal.com/gui/url/7d5614040f5cc4286b4f6ab1f804cdc1ca91afe7bc24283c18c261b199aeb86d/summary


peerblock download 1.2 link.
Well, I'd like to think it's a false positive, since it's not detected by any well-known security software...

Nothing is 100% on the Internet, so you and I should stay careful in the future.

1 year ago
Permalink

Comment has been collapsed.

While I agree with you regarding Defender and Malware Bytes, people got hacked for Steam items. Every now and then we have threads about phishing links in Steam chat, because accounts got hacked and are used for distributing these.

1 year ago
Permalink

Comment has been collapsed.

Those aren't hacks. I'm tired of the misuse of this word. Phishing links and everything else aren't hacks.
A hack is when someone targets you specifically and gains access to your device by using malicious tools, backdoors or anything else in that matter.
Someone clicking a phishing link is someone using a device without the knowledge needed to use this device and/or not using common sense, often because he is blinded by greed (free stuff).
Those aren't hacks and humanity really has to stop misusing this word.
A person playing a flight simulator via Steam also isn't a pilot.

1 year ago
Permalink

Comment has been collapsed.

This. No antivirus manually running a scan once a day is gonna help someone who clicks "vote for my csgo item" or "free Ana Kournikova nude pics" or "Hey I'm your brother..." links and/or files.

Whomever claims that is a solution just keeps people in the dark about educating themselves about phishing and scams.

1 year ago
Permalink

Comment has been collapsed.

The once-a-day scan usually detects malware that was not previously known to the system.
It will be something that has been omitted from the real-time detection.

The story of removing it even once a day is that it is better to remove it while it is in a "dormant" state, and I think the element of stopping it from being a "stepping stone" and causing trouble to others without their knowledge is a bigger factor.

 However, leaving them sick is the most problematic, whether for humans or computers.
Doing nothing to prevent it is the worst thing you can do.

I think things have improved since the days of Windows 3.1 or Windows 95, when I was tormented by "heavy security software" and "useless" software.

However, it is easy to see the human tendency since the advent of smartphones for people who often prioritize playing games and work tasks over time to learn.

Now, you all and I...
"What methods are you using to
Are you eliminating malware?"
'Are you providing information to advertisers without our knowledge?'
. "Do you share anything with your vendors?"
Perhaps you would be interested.

But when I explain the importance of such things to the general public, they are usually not interested.

I have a feeling that these are probably not much different unless you have "had a bad experience in the past".
I don't think the global community has yet obtained a good means of understanding if we give this kind of guidance in common worldwide.

In any case, I would probably recommend that if there is a means by which things can be improved, it should be done.🤔

1 year ago
Permalink

Comment has been collapsed.

... I still think title could have been "Steam working to prevent potential game infections by beefing up security" or something along the lines.

1 year ago
Permalink

Comment has been collapsed.

That certainly could have been a choice.
But personally, some of the people who publish on Steam are mixed in with software that behaves in a way that is not written in the terms and conditions... I just don't trust them that much.
Of course, some issues are reported and fixed through Steam support and discussion, but sometimes there is no response.

1 year ago
Permalink

Comment has been collapsed.

I know that phishing and hacking are different things, thanks.

You wrote

The general user won't get hacked, we're all not interesting enough for that.

so I referred to that and simply took over your wording. Regarding the damage it doesn't matter to the victim, which offense it was. Regarding prevention it does, although your previously mentioned common sense is required in both cases again.

How do you know whether that Steam account which is abused to send chat messages with phishing links was originally hijacked via phishing or via malware? You don't. You can assume that it was also done by phishing, because the offender might only be able to do that, but it's still an assumption. We also only know that it's a phishing link if someone went there and told us about it. The website could also offer downloads (including malware) or abuse plugins.

The aforementioned game had malicious code in it, despite it being an indie F2P game without microtransactions. It shouldn't have been interesting enough for a hacker, right? But it was, maybe a beginner, maybe just a pretty bad buddy of the dev, we will most probably never get to know. But I know it's not the first time malware was distributed via Steam depots.

There are a lot of Steam users with public inventories and some of them have a lot of value. They might use the same credentials for banking, emails, maybe even at work (and that company might be a global player), so even the general user could be interesting.

If you insist on a proper wording regarding these terms, I would also expect you to not downplay another potential risk (and the quoted sentence appeared to me like that). Again, contrary to OP and others I'm also against panicking and installing antivirus software or even worse optimizers and whatever else is out there.

1 year ago
Permalink

Comment has been collapsed.

I voted NO at first but then I remembered that I block ads and scripts in my browser + I actually have Avast xD
Anyway - my problem with viruses disappeared when I stopped pirating games and stopped downloading files in Internet cafes (and transferring them back to my home on floppy discs) xD

1 year ago
Permalink

Comment has been collapsed.

block ads and scripts in my browser + I actually have Avast xD

Feel very secure.🍵🙂🍘
Perhaps you are taking advantage of something like this.

What is it? - NoScript: block scripts and own your browser!
https://noscript.net/
GitHub - gorhill/uBlock: uBlock Origin - An efficient blocker for Chromium and Firefox. Fast and lean.
https://github.com/gorhill/uBlock/

https://www.avast.com

stopped downloading files in Internet cafes

It seems that it is easy to get into strange situations when using Internet cafes or public terminals that are used by an unspecified number of people.yup((´Θ`*)yup..
Piracy... I remember a long time ago.🏴‍☠🦜⛵🛸<Ahoy!

1 year ago
Permalink

Comment has been collapsed.

Wow, that game is so meta.

1 year ago
Permalink

Comment has been collapsed.

[Game Community Sim]
A game where you try to revitalize the gaming community and get funding and backing to make the entire population of the planet community participants while working with and against trolls and pressure groups?

Superpowers in the rassemble frame!
Religious nation in the back boss slot!
The extra boss is an extraterrestrial intelligent life form!🛸

ヾノ'Θ'o)No, no, no, no.
What do you make me say? 😂
Of course I've never seen anything like that.

1 year ago
Permalink

Comment has been collapsed.

Just curious, which games are affected? And since they patched it, is it safe now? I'm wondering if i should take any action if i havent opened steam from desktop for a week or so.

1 year ago
Permalink

Comment has been collapsed.

It is outlined in the linked article or in the comments section here on this discussion.
📝
If you don't remember installing the app in question, you should generally be fine.
 Also, it seems that an update with some countermeasures is scheduled for October 24.

1 year ago
Permalink

Comment has been collapsed.

I only see 1 game name, but since they are stating games as plural, i assumed there are more, hence the question.
Thanks for the confirmation for the other answer btw :)

1 year ago
Permalink

Comment has been collapsed.

plural

Certainly curious.🔭
Wondering if the information is private or will be made public in the future.

 Given what Steam is saying about account hijacking targeting "developers", developers will have to be careful and that in itself will not change.
 Personally, even if there were developers who were hijacked, they are probably just old games that have stopped updating, and as such have stopped receiving updates and action from developers on the forums.
 The introduction of two-step authentication will certainly reduce the number of developers who will be hijacked further.
 There may possibly be some games that could be hijacked and impersonated by thieves before authentication is introduced, but that would be like the forum being abandoned and not updated for a long time.
 Well, I personally thought it might be a good idea to leave it completely alone and uninstall the games I don't play and see what happens.

1 year ago
Permalink

Comment has been collapsed.

Yeah name of game and name of studio why isn't that mentioned

1 year ago
Permalink

Comment has been collapsed.

steam did just asked to get past my firewall in the last 24 hours. thought it was weird cause ive never seen it before
said No like i always do to games

1 year ago
Permalink

Comment has been collapsed.

 I don't want to chat on Steam when you are away, I don't want to open the store, I don't want to do updates, I don't want to communicate with unknowns.
So I understand the feeling of blocking them.
(Our recommendation is to shut down the Steam client when not in use, which we think is easier and less likely to cause problems).

 Also, as Steam's support page states, if your system is contaminated with some malware, it is natural for suspicious communications to take place.
I think it is important to check for contamination.

Typically, Steam clients are in constant communication with Valve.
When they are online, in chat messages, when they open the Steam store, etc.
Or when you open the Steam store.
 They may also communicate with the download server for updates.

If you have logged ip the communication and scrutinized it, .......
If the server you are connecting to is not Valve.
For example, it is akamai, so it might be the server where the content is stored.
 (Well... If it is connecting to Russia, China, or North Korea, or communicating with a suspicious domain, that is an obvious anomaly.)
Some people might put those IPs into virustotal to see if it's a tainted server.

It may not necessarily be done via Steam's Client communication, it may be a suspicious communication from a game app, or it may be multiple suspicious malware interacting with each other to perform an unexpected evil action.
Rather than focusing on Steam alone, it would be better to check for other malware that may be introduced into the system as a whole for peace of mind.

Whether it's Steam, another site, or an outside source, if there is a possibility of contamination, it's another matter if others don't find the same anomaly as you.
I think scanning just to be sure is the right motivation.
 And if something really bad is detected, I think you should report it to Steam support just to be sure.

Steam Support :: Spyware, Malware, Adware, or Virus Interfering with Steam
https://help.steampowered.com/en/faqs/view/70D4-67C8-784D-692A
Steam Support :: Programs Which May Interfere with Steam
https://help.steampowered.com/en/faqs/view/1F39-DCB4-FF28-5748


The environment of use depends on the person, so this is what I'm talking about in general.🤔

1 year ago
Permalink

Comment has been collapsed.

Closed 1 month ago by Kappaking.