Industry News

Steam users beware! Bad guys hide malware inside fake game demos

Steam users are being warned to be on their guard after cybercriminals were found trying to infect video game fans by disguising their malicious downloads as cool new games.

According to media reports, the popular Steam game service fell foul of fraudsters who created fake pages on the site in a bid to trick unsuspecting gamers into installing malware on their computers.

The bad guys took a demo of a genuine new game, Octopus City Blues, and replicated its page on the “Greenlight” section of the Steam site.

And, by all accounts, the bogus page was pretty convincing – with trailer videos, screenshots and full descriptions of what players could expect from the game which describes itself s “the authentic Octopus City simulation for Windows, OS X and Linux. A surreal adventure about everything and nothing.”

However, if you were tempted to try out the seven-level demo of the game and click on its download link you would have been taken to a site spreading malware.

The team behind Octopus City Blues stumbled across the malfeasance, and tweeted a warning to its fans.


Wow. Someone copied our Steam page to spread malware. Their virus demo contains 7 levels! Gotta step our game up [LINK]

Octopus City Blues designer Firas Assaad told Kotaku that whoever was behind the deception was trying to stamp out warning messages posed by the community:

“There were a few comments on the fake page warning people, but it seems that they were deleted. If it stays up I might send a DMCA complaint since companies take them more seriously.”

Steam has since erased the offending webpage, and another purporting to be related to a game called Garlock Online.

Of course, as Steam grows in popularity there are likely to be more and more attacks like this. For the community to feel safer it would be preferable if the site did more to proactively protect its members from online criminals, perhaps requiring developers posting demos of new games to jump through more hoops to prove their identity.

And, it should go without saying, that it’s no use having a mechanism for reporting abuse on the site if it takes days to follow-up on complaints. The longer webpages like the one created for the malware-laced edition of Octopus City Blues, the more users are put at risk of having their computers compromised by malware.

Online gaming communities seem set to become more and more targeted by online criminals, scammers and fraudsters. Earlier this year, for instance, a warning was issued about malicious “WTF?” links being spread via Steam’s chat system.

Keep your wits about you, your computer secured with the latest patches and anti-virus software, and always be careful about what software you decide to download from the internet. It might be pretending to be a fun-filled harmless game, but actually be hellbent on infecting your system to earn money for its masters.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.