Watch out: profile images on Steam could contain malware

Watch the Sonic Symphony 30th anniversary concert here today

Sega are continuing their celebration of Sonic’s 30th with an orchestral concert featuring other musical special guests.

Naughty people are reportedly hiding malware in Steam profile images, so go careful what you download from Valve’s gaming platform. Named SteamHide, the malware isn’t the picture itself, but is tucked away in its metadata, waiting to be activated by a separate malware downloader. It’s not something to worry about if you’re using Steam normally – you’d need to be clicking on dodgy emails or visiting dubious websites to even get the extra necessary malware to activate the Steam stuff – but it’s worth keeping an eye on, just in case.

According to G Data, “malicious users” are specially crafting profile images to contain malware. Because of the way it’s created, the malware can’t be detected by antivirus software. These images can’t do much on their own though, G Data says it’s “payload” malware that requires even more malware to activate it.

Basically, you’d need to have downloaded some other bit of nasty malware (from rotten websites or spam emails) that would act as a decrypter. Damage can only be caused with both bits of malware.

“It should be noted that in order to become a target for this method, no installation of Steam – or any other game platform – is required. The Steam platform merely serves as a vehicle which hosts the malicious file,” G Data say.

Farming Simulator 22 is headed into the field on November 22

Giants Software have announced the launch date for the next Farming Simulator with a new trailer that also introduces new crops such as grapes and olives.

“The heavy lifting in the shape of downloading, unpacking and executing the malicious payload is handled by an external component which just accesses the profile image on one Steam profile. This payload can be distributed by the usual means, from crafted emails to compromised websites.”

G Data emphasises that Steam users aren’t at an increased risk of infecting their devices just by having Steam installed – even opening one of these modified images in a viewing application won’t infect your PC. Hiding malware in pictures in this way isn’t new either, it’s just a method that supposedly hasn’t been seen on gaming platforms before.

It’s the kind of thing you can avoid by doing the usual and being sensible about what you click on. Also, I don’t know who would bother downloading other players’ profile pics, but on the off chance that’s you, you should probably stop to be safe.

If you’re interested in the technical bits, here’s the link to that G Data article again where they explain in detail how the malware works.

This is probably the most painfully beautiful Minecraft texture pack

The Brixel resource pack for Minecraft just recently released its full version and it sure is lovely to look at even if stepping on it would be painful.