vx-underground
Public Telegram feed monitored for malware and underground signals.
Hello,
A while ago some guy on Xitter was talking about his friend being scammed and losing Counter Strike stuff. I'm not a gamer, I don't understand Counter Strike markets and stuff, but the gist of everything was he purchased an item and he was (in some capacity) scammed?
He said Steam support was DMing him over Steam. People were memeing him, saying Steam doesn't communicate over Steam like an instant messenger client. People questioned the validity of the images.
I had a bunch of people DM me, tag me on the post, etc. I saw it, but I was busy with my baby boy, so I put it on the back burner. However, it piqued my interest because it was extremely unusual. I do play stuff on Steam sometimes, and I've never seen or heard of malware which is curated to specifically target Steam coupled with social engineering work.
Two things:
1. I get tons of messages, DMs, and emails. I can't find the original post anymore. If you know what I'm describing please comment it below, or something, I don't know. The post itself is interesting and provides context to the second part of this write-up.
2. This is malware. I was on THE STREETS DAWG (talking with stinky nerds on Telegram) passively to see if anyone knew anything about this. I was able to receive the payload as well as the decompiled source code (it's written in Python). This malware was developed by some nerds in Russia determined to ... drain people on Counter Strike and steal their items? Again, I'm not a gamer or Counter Strike nerd, so I don't understand the objective of this malware or the monetary value behind this, but apparently it is enough to motivate someone to create malware which injects itself into Steam to allow them to manipulate the application and impersonate Steam support (API hooking).
I haven't had a chance to review the malware in totality yet. I've briefly skimmed it. It's got a bunch of different modules and stages. Someone seems to have put quite a bit of effort into this. I've never seen anything like this, so it's really cool.
On a side note, I've been noticing a trend of Threat Actors targeting Steam. It was initially by creating fake and malicious games. Now we are seeing malware payloads that inject themselves into the Steam application itself and manipulate it in ways to trick users into giving them valuable video game items or potentially pushing more malware to their machine.
Very cool.