Users of Valve’s Steam game sales and distribution platform are being targeted by malware peddlers; the lure is a "Steam Cracker." It is being offered on YouTube and on many gamer forums, and it supposedly gives the users access to all games for free.
The scammers offer instructions for installing the software: disable antivirus software and firewall, then replace the original steam.exe file with the downloaded, cracked one.
"The file in question is a fake Steam client, which uses aspects of the real thing but just falls short of being 100 percent convincing (file size, file, and of course the fact that this file isn’t digitally signed unlike the real Steam executable)," a GFI researcher said.
If the user runs Windows Vista or later versions of the platform, the file runs and shows the fake client that looks legitimate.
The creators even included the legitimate store.steampowered(dot)com pages inside the user interface and links to the genuine Playstation Network ID log-in page, the researcher said, but he warned that even though the phishing of credentials is not obvious, it does not mean the users’ log-in credentials are safe. The fake Steam client looks for the serial codes of games along with more general programs such as design packages, movie players, system defraggers, code tweakers, and iPod converters, the researcher explained.
The malware employs keylogging to accomplish this task.
Source: Fake "Steam Cracker" Steals User Credentials - (http://www.net-security.org/malware_news.php?id=2079&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader)
Reference: Steer Clear of Steam Cracker - (http://www.gfi.com/blog/steer-clear-of-steam-cracker/)