Steam Demo Infects Players with Spyware Instead of a Game
An alarming incident recently occurred on the Steam platform: the game “Sniper: Phantom’s Resolution” turned out to be a front for distributing malicious software. After numerous user complaints about system infections following the installation of the demo version, Valve quickly removed the game from the store.
The game was being developed under the name “Sierra Six Studios” and was scheduled for release in the coming months. The demo, officially listed on Steam, was meant to give players a preview of the project. However, even this official source posed a significant security risk to users.
How the Scam Was Uncovered
Signs of fraud appeared before moderators intervened—attentive players noticed that the game’s description and graphics were copied from other projects, and the demo file was being downloaded via an external GitHub link, which violates Steam’s rules.
The demo file was disguised as “Windows Defender SmartScreen.exe” and contained several malicious components: privilege escalation tools, a Node.js shell, and the Fiddler traffic interceptor, which can extract cookies and other sensitive information.
Additionally, several Node.js scripts were launched and immediately terminated—a classic tactic to evade antivirus detection. One such script, “createShortcut.vbs,” added the malicious file to the system’s startup, ensuring it would run every time Windows started.
Suspicious Developer Activity
The developer’s GitHub profile, under the nickname “arda1337,” also raised suspicions. In addition to the game loader, the profile hosted tools related to cryptocurrencies and Telegram bots—areas often associated with cybercrime. After community complaints, GitHub staff quickly deleted the repository, and the game was removed from Steam a day later. Soon after, the developer’s official website (sierrasixstudios[.]dev) also went offline.
What to Do If You Installed the Demo
Users who installed the demo are very likely infected with malware. It is strongly recommended to immediately delete the game, scan your system with antivirus software, and check for any suspicious programs in your startup list. Pay special attention to processes related to Node.js and manually remove any added shortcuts. Valve has not yet commented on the situation.
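The startup check described above can be scripted. The following PowerShell is an added example, not part of the original article or any vendor tool: it lists Startup-folder shortcuts with their resolved targets, goes slightly beyond the article by also listing the registry Run keys, and shows running Node.js processes. The match patterns are assumptions built from the file names the article mentions.

```powershell
# Added example: read-only audit of Windows startup persistence and Node.js processes.
# Patterns are assumptions taken from names in the article; extend them as needed.
$patterns = 'Windows Defender SmartScreen\.exe', '\bnode(\.exe)?\b', '\.vbs\b'

function Test-Suspicious([string]$Text) {
    foreach ($p in $patterns) { if ($Text -match $p) { return $true } }
    return $false
}

function Get-StartupShortcut {
    # Per-user and all-users Startup folders; .lnk files are resolved to their targets.
    $shell = New-Object -ComObject WScript.Shell
    $dirs  = @([Environment]::GetFolderPath('Startup'),
               [Environment]::GetFolderPath('CommonStartup'))
    foreach ($dir in $dirs) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $dir -File -Force) {
            $cmd = $file.FullName
            if ($file.Extension -eq '.lnk') {
                $lnk = $shell.CreateShortcut($file.FullName)
                $cmd = "$($lnk.TargetPath) $($lnk.Arguments)".Trim()
            }
            [pscustomobject]@{ Source = $dir; Name = $file.Name; Command = $cmd
                               Created = $file.CreationTime
                               Suspicious = (Test-Suspicious "$($file.Name) $cmd") }
        }
    }
}

function Get-RunKeyEntry {
    # Registry autoruns for the current user and the machine.
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd; Created = $null
                               Suspicious = (Test-Suspicious "$name $cmd") }
        }
    }
}

# Startup entries, flagged ones first, then any running Node.js processes.
@(Get-StartupShortcut) + @(Get-RunKeyEntry) |
    Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap
Get-CimInstance Win32_Process -Filter "Name = 'node.exe'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine | Format-List
```

The script only reports. A flagged entry is a prompt to inspect the target file and its creation time, since legitimate software also uses Node.js and startup shortcuts.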
Not the First Incident
This is the second such incident on Steam in recent times. In February, Steam removed the game PirateFi from the platform after discovering it contained malicious software. Users who downloaded the game received a warning from the company, recommending a full reinstallation of Windows to completely eliminate the threat.
Hackers frequently target the gaming industry, embedding malicious code in popular game files. For example, last year saw a campaign using an infostealer trojan aimed at Call of Duty players, and in 2023 a self-spreading virus infected large numbers of players of an older installment in the same franchise.