Look out for SteamHide, an emerging loader malware that disguises itself inside profile images on the gaming platform Steam, which researchers think is being developed for a wide-scale campaign.

Steam’s most recent data said the platform has more than 20 million users playing games, including popular titles like Counter-Strike: Global Offensive, Dota 2 and Apex Legends.

“While hiding malware in an image file’s metadata is not a new phenomenon, using a gaming platform such as Steam is previously unheard of,” G Data analyst Karsten Hahn said about SteamHide in a new disclosure report, which builds on the original find by @miltinhoc on Twitter.

The malware downloader is hiding in the Steam profile image’s metadata, specifically in the International Color Consortium (ICC) profile, a standardized set of data to control color output for printing. Attackers hide their malware in benign images commonly shared online, including memes like “blinking white guy” used in the G Data analysis example.

“The low-quality image shows three frames of the ‘white guy blinking’ meme alongside the words January, a black screen, and September,” Hahn added. “The image content itself does not seem to make sense.”

Victims of this profile image scam don’t have to be on Steam or have any gaming platform installed, G Data’s researchers found. And updating the malware only requires uploading a new profile pic. The profile image data only contains the downloader that fetches additional malware, the…
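A defender-side check for the technique described above, as an added example that is not from G Data's report or this article: it pulls the ICC profile out of a JPEG's APP2 segments and lists where the data fails to parse as a real ICC profile. It assumes the image is a JPEG; the function names and sample bytes are constructed for illustration.

```python
import struct

ICC_TAG = b"ICC_PROFILE\x00"  # identifier that opens each APP2 ICC chunk

def extract_icc(jpeg: bytes) -> bytes:
    """Reassemble the ICC profile from a JPEG's APP2 segments (b'' if none)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    chunks, pos = {}, 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):  # EOI or start of scan: headers are over
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        body = jpeg[pos + 4:pos + 2 + length]
        if marker == 0xE2 and body.startswith(ICC_TAG) and len(body) >= 14:
            chunks[body[12]] = body[14:]  # body[12] is the chunk sequence number
        pos += 2 + length
    return b"".join(chunks[i] for i in sorted(chunks))

def icc_findings(icc: bytes) -> list:
    """List the ways a blob fails to parse as an ICC profile."""
    if len(icc) < 132:
        return ["shorter than ICC header plus tag count"] if icc else []
    findings = []
    (declared,) = struct.unpack(">I", icc[:4])      # profile size field
    (count,) = struct.unpack(">I", icc[128:132])    # number of tag entries
    if declared != len(icc):
        findings.append(f"declared size {declared}, actual {len(icc)}")
    if icc[36:40] != b"acsp":
        findings.append("no 'acsp' signature at offset 36")
    if 132 + 12 * count > len(icc):
        findings.append(f"tag table ({count} entries) overruns profile")
    else:
        for i in range(count):
            sig, off, size = struct.unpack(">4sII", icc[132 + 12 * i:144 + 12 * i])
            if off + size > len(icc):
                findings.append(f"tag {sig!r} points outside profile")
    return findings

def build_jpeg(icc: bytes) -> bytes:
    """Constructed sample: SOI + one APP2 ICC segment + EOI (no pixel data)."""
    body = ICC_TAG + b"\x01\x01" + icc
    return b"\xff\xd8\xff\xe2" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"

# Constructed inputs: a minimal well-formed profile and an opaque 512-byte blob.
GOOD = struct.pack(">I", 132) + bytes(32) + b"acsp" + bytes(88) + bytes(4)
BAD = bytes(range(256)) * 2

if __name__ == "__main__":
    for name, icc in (("good", GOOD), ("bad", BAD)):
        print(name, icc_findings(extract_icc(build_jpeg(icc))))
```

A payload wrapped in a well-formed ICC header would pass these structural checks, so a clean result is inconclusive rather than proof that the image carries nothing.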
