Infostealer.Staem
First posted on 04 April 2015.
Source: Symantec
Aliases:
There are no other names known for Infostealer.Staem.
Explanation:
The Trojan may arrive on the compromised computer through malicious links delivered through Steam chat.
When the Trojan is executed, it will terminate the following file:
Steam.exe
The Trojan will then display the following message:
The Trojan copies itself to the following location and replaces the previous file:
%SteamDirectory%\Steam.exe
Note: %SteamDirectory% is the directory where Steam is installed.
The Trojan renames the original %SteamDirectory%\Steam.exe file to the following file name:
%SteamDirectory%\Dumper.exe
The Trojan executes the following file, which is now malicious:
%SteamDirectory%\Steam.exe
The Trojan displays the following fake login screen:
The Trojan steals any credentials entered in the fake login screen and saves them in the following location:
%SteamDirectory%\data.txt
The Trojan connects to the following remote location:
5.39.124.175
The Trojan may download and execute potentially malicious files.
Last update 04 April 2015
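A defensive triage check for the artifacts listed in this write-up, added here as an example and not part of the original page: it looks in a Steam directory for Dumper.exe and data.txt and filters connection logs for the listed remote address. The key=value log format, the function names and the sample data are assumptions constructed for the example.

```python
import os
import tempfile

# File names and the remote address are the ones listed in the write-up.
REMOTE_IP = "5.39.124.175"
ARTIFACTS = {
    "dumper.exe": "original Steam.exe renamed by the Trojan",
    "data.txt": "credentials captured by the fake login screen",
}


def triage_steam_dir(steam_dir):
    """Map each artifact found in steam_dir to what the write-up says it is."""
    # Windows file names are case-insensitive, so compare in lower case.
    names = {n.lower() for n in os.listdir(steam_dir)}
    found = {a: why for a, why in ARTIFACTS.items() if a in names}
    # Dumper.exe beside Steam.exe matches the described replacement:
    # the Steam.exe on disk should then be treated as the Trojan's copy.
    if "dumper.exe" in found and "steam.exe" in names:
        found["steam.exe"] = "likely the Trojan's copy; do not run it"
    return found


def connections_to_remote(log_lines, ip=REMOTE_IP):
    """Return lines whose dst= field is exactly the listed address."""
    hits = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        if fields.get("dst") == ip:
            hits.append(line)
    return hits


def demo():
    # Constructed sample data: a stand-in directory with empty files and
    # made-up log lines in an assumed "key=value" format.
    with tempfile.TemporaryDirectory() as d:
        for name in ("Steam.exe", "Dumper.exe", "data.txt"):
            open(os.path.join(d, name), "w").close()
        files = triage_steam_dir(d)
    log = [
        "2015-04-04T10:00:01 src=192.0.2.10 dst=5.39.124.175 dport=80",
        "2015-04-04T10:00:02 src=192.0.2.10 dst=15.39.124.175 dport=80",
        "2015-04-04T10:00:03 src=192.0.2.10 dst=198.51.100.7 dport=443",
    ]
    return files, connections_to_remote(log)


if __name__ == "__main__":
    print(demo())
```

A hit is a lead for investigation, not proof of infection: confirm by checking the signature of the Steam.exe on disk, and treat any account whose credentials were entered on that computer as exposed.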