New Malware Can Drain Your Steam Wallet and Inventory Dry

By David Yee

F-Secure labs is reporting a new malware that can empty Steam wallets and user inventories by hijacking the Steam client to trade and sell items. Fortunately for most of us, it seems one would have to be especially careless or incredibly gullible to get infected by this malware. The malware was first reported by a concerned Twitch user taking notice of phishing links posted on Twitch stream chats by bots.Steam MalwareSteam MalwareClicking the link leads to a Java program that first asks for name, email, and confirmation. After entering in the requested information and accepting the fake terms, the Java program drops a Windows binary file which executes a set of commands to buy items with Steam Wallet funds and then sell or trade items in the account inventory.

  • Take screenshots
  • Add new friends in Steam
  • Accept pending friend requests in Steam
  • Initiate trading with new friends in Steam
  • Buy items, if user has money
  • Send a trade offer
  • Accept pending trade transactions
  • Sell items with a discount in the market

F-secure Labs calls this malware Eskimo. Steam normally blocks trading and selling when an account is detected being used on an unauthorized computer. However, this new malware completely skirts that security feature because its actions are done from the victim’s own computer.