NEWS Second Attack This Month: Hackers Breach Steam Again

ExcalibuR

A Fake Game Opened the Door for Hackers into Players' Systems

A serious security incident occurred on the Steam platform. The game Sniper: Phantom's Resolution turned out to be a front for distributing malware. After numerous complaints from users who noticed infections on their systems after installing the demo version, Valve swiftly removed the game from the store.


The game was allegedly developed under the name Sierra Six Studios and was set for release in the coming months. The demo version, officially listed on Steam, was supposed to provide an early preview of the project. However, even an official source on Steam posed a significant security risk for users.


Signs of deception appeared even before moderators intervened: observant players noticed that the game’s description and graphical elements had been copied from other projects, and the demo file was downloaded via an external GitHub link, which violates Steam’s policies.


The demo file was disguised as Windows Defender SmartScreen.exe and contained multiple malicious components, including privilege escalation tools, a Node.js runtime, and the Fiddler traffic interceptor, capable of extracting cookies and other sensitive information.


Additionally, multiple Node.js scripts were executed and immediately terminated, a classic evasion tactic to bypass antivirus detection. One such script, createShortcut.vbs, added a malicious file to the system's startup, ensuring it would launch every time Windows booted.
Malicious Game on Steam (Internet Archive)
Further suspicions arose from the GitHub profile of the developer, known as arda1337. Along with hosting the game’s loader, the profile also contained tools related to cryptocurrency and Telegram bots, both commonly associated with cybercriminal activity. After community reports, GitHub swiftly deleted the repository, and within a day, the game was also removed from Steam. Shortly after, the official website of the developer, sierrasixstudios[.]dev, also went offline.


Users who installed the demo version are highly likely to be infected with malware. It is strongly advised to immediately delete the game, run a full antivirus scan, and check for suspicious programs in system startup settings. Pay particular attention to suspicious processes related to Node.js, and manually remove any unauthorized shortcuts. Valve has not yet commented on the situation.


This marks the second similar incident in recent times. In February, Steam removed the game PirateFi from the platform after discovering it contained malware. Users who had downloaded the game received a warning from Valve recommending a full Windows reinstallation to ensure complete removal of the threat.


Hackers frequently target the gaming industry by embedding malicious code into the files of popular games. For example, last year, a campaign using an infostealer trojan targeted Call of Duty players, and in 2023, a virus with self-propagation capabilities infected users en masse through an older installment of the same franchise.
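
The startup and process check recommended above, as an added PowerShell triage example (not part of the original post and not a Valve or vendor tool): it lists Startup-folder items and Run-key entries, flags those that launch a script host, Node.js or the demo's file name given in the article, and shows running node.exe processes. The match pattern and function names are assumptions made for illustration; a flagged entry is a lead to inspect by hand, not a verdict.

```powershell
# Added triage example: enumerate autostart entries and Node.js processes.
# Assumption: this pattern is a heuristic built from the article's description.
$suspectPattern = '\bnode(\.exe)?\b|\.vbs\b|\.js\b|wscript|cscript|Windows Defender SmartScreen\.exe'

function Test-Suspect([string]$Text) { return [bool]($Text -match $suspectPattern) }

function Get-StartupShortcuts {
    $shell = New-Object -ComObject WScript.Shell
    $dirs  = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File -Force | ForEach-Object {
            $command = $_.FullName                      # non-.lnk files run as-is
            if ($_.Extension -eq '.lnk') {              # resolve shortcut to its real target
                $lnk = $shell.CreateShortcut($_.FullName)
                $command = "$($lnk.TargetPath) $($lnk.Arguments)".Trim()
            }
            [pscustomobject]@{ Source = $_.FullName; Command = $command; Suspect = Test-Suspect $command }
        }
    }
}

function Get-RunKeyEntries {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{ Source = "$key\$name"; Command = $cmd; Suspect = Test-Suspect $cmd }
        }
    }
}

function Get-NodeProcesses {
    # The executable path and parent PID show whether node.exe belongs to a known install
    Get-CimInstance Win32_Process -Filter "Name = 'node.exe'" |
        Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine
}

@(Get-StartupShortcuts) + @(Get-RunKeyEntries) |
    Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap
Get-NodeProcesses | Format-List
```

Run it from the affected user's session so the per-user Startup folder and HKCU key are the right ones; it only reads and changes nothing.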
 