
Valve has delisted a suspicious game from the Steam platform after community-led investigations revealed its downloadable demo was, in fact, a malware-laced executable hosted outside the Steam ecosystem.
The game, titled Sniper: Phantom's Resolution, first drew suspicion when users noticed that promotional material on its Steam page appeared to be lifted from unrelated titles. Reddit users posted a warning, prompting deeper scrutiny from others. Upon closer inspection, users discovered that the demo link redirected to an external website, a significant red flag for a game purportedly available on Steam. The executable file, deceptively named Windows Defender SmartScreen.exe, required administrative privileges and exhibited behaviors consistent with info-stealing malware.

Signs of an info-stealer
Security enthusiasts analyzing the file in sandboxed environments reported several concerning elements: an elevate.exe utility (commonly used to escalate privileges) and a Node.js wrapper called wincrypt, which interfaces with Windows' native encryption APIs and could be used to decrypt stored credentials. The malware used GitHub repositories to fetch additional payloads, ran obfuscated command-line scripts to minimize detection, and created persistence mechanisms such as startup tasks under misleading filenames like updater.lnk.
The malicious payload showed clear traits of an infostealer: it opened web browsers upon execution, accessed browser-stored credentials, and attempted to hijack authentication tokens. Affected users noted high CPU usage during the infection phase, along with signs of silent network interception via tools like Fiddler. The GitHub user linked to the same domain and malware hosted several suspicious repositories under aliases, including sierrasixstudiosdev.
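The behaviours reported above translate into simple triage rules over endpoint telemetry. The following Python is an added example, not code from the investigators or the original article; the event format, the trusted-directory list and the sample events are constructed assumptions, and only the file names come from the report.

```python
import ntpath

# File names below come from the report; paths and events are constructed.
LURE_NAMES = {"windows defender smartscreen.exe", "elevate.exe"}
STARTUP_DIR = "\\start menu\\programs\\startup\\"
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
GITHUB_HOSTS = ("github.com", "raw.githubusercontent.com")

def untrusted(path):
    """True when a binary runs from outside the assumed trusted roots."""
    return not path.lower().startswith(TRUSTED_ROOTS)

def triage(events):
    """Return (index, reason) for each event matching a reported behaviour."""
    hits = []
    for i, ev in enumerate(events):
        image = ev.get("image", "")
        name = ntpath.basename(image).lower()
        if ev["type"] == "process":
            if name in LURE_NAMES and untrusted(image):
                hits.append((i, f"lure-named binary outside system paths: {name}"))
            cmd = ev.get("cmdline", "").lower()
            if untrusted(image) and any(h in cmd for h in GITHUB_HOSTS):
                hits.append((i, "untrusted process fetching from GitHub"))
        elif ev["type"] == "file_create":
            target = ev.get("target", "").lower()
            if STARTUP_DIR in target and target.endswith(".lnk") and untrusted(image):
                hits.append((i, f"startup shortcut dropped: {ntpath.basename(target)}"))
    return hits

# Constructed sample events (simplified process and file-creation telemetry).
SAMPLE = [
    {"type": "process", "cmdline": "\"Windows Defender SmartScreen.exe\"",
     "image": r"C:\Users\a\Downloads\Windows Defender SmartScreen.exe"},
    {"type": "process", "cmdline": "smartscreen.exe", "image": r"C:\Windows\System32\smartscreen.exe"},
    {"type": "process", "image": r"C:\Users\a\AppData\Local\Temp\x\elevate.exe",
     "cmdline": "elevate.exe node index.js https://raw.githubusercontent.com/EXAMPLE/EXAMPLE/main/file"},
    {"type": "file_create", "image": r"C:\Users\a\AppData\Local\Temp\x\node.exe",
     "target": r"C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk"},
    {"type": "process", "image": r"C:\Program Files\Git\cmd\git.exe",
     "cmdline": "git clone https://github.com/EXAMPLE/EXAMPLE"},
]

if __name__ == "__main__":
    for idx, reason in triage(SAMPLE):
        print(idx, reason)
```

The genuine system binary and the installed Git client in the sample produce no hits, which shows why the rules key on execution path as well as file name.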
Game removed, but risk persists
Valve reacted to the growing user reports by removing Sniper: Phantom's Resolution from the Steam Store. GitHub, for its part, removed associated repositories after receiving user abuse reports and confirmed the content violated its Terms of Service.
Sniper: Phantom's Resolution was supposedly developed by a studio named SierraSixStudios, but investigators uncovered no verifiable information about the group. The studio's website was only registered on March 10, 2025, through Porkbun, and lacked a functioning or trustworthy digital presence. This, combined with evidence of asset theft and fake branding — including a misspelled in-game logo reading “Phatnom” — painted a picture of a hastily assembled front for malware distribution.
This incident follows closely on the heels of PirateFi, another Steam title removed just weeks earlier in February for harboring malware. In that case, Valve had issued warnings to affected users, urging full system scans and even OS reinstalls. The emergence of a second malicious title within such a short span raises serious questions about the robustness of Valve's review mechanisms, especially when games leverage external links to bypass the company's malware screening protocols.