
Watch out: profile images on Steam could contain malware

Be wary of downloading pics from Valve's platform

Naughty people are reportedly hiding malware in Steam profile images, so go careful what you download from Valve's gaming platform. Named SteamHide, the malware isn't the picture itself, but is tucked away in its metadata, waiting to be activated by a separate malware downloader. It's not something to worry about if you're using Steam normally - you'd need to be clicking on dodgy emails or visiting dubious websites to even get the extra necessary malware to activate the Steam stuff - but it's worth keeping an eye on, just in case.

According to G Data, "malicious users" are specially crafting profile images to contain malware. Because of the way it's created, the malware can't be detected by antivirus software. These images can't do much on their own though; G Data says it's "payload" malware that requires even more malware to activate it.

Basically, you'd need to have downloaded some other bit of nasty malware (from rotten websites or spam emails) that would act as a decrypter. Damage can only be caused with both bits of malware.

"It should be noted that in order to become a target for this method, no installation of Steam - or any other game platform - is required. The Steam platform merely serves as a vehicle which hosts the malicious file," G Data say.

"The heavy lifting in the shape of downloading, unpacking and executing the malicious payload is handled by an external component which just accesses the profile image on one Steam profile. This payload can be distributed by the usual means, from crafted emails to compromised websites."

G Data emphasises that Steam users aren't at an increased risk of infecting their devices just by having Steam installed - even opening one of these modified images in a viewing application won't infect your PC. Hiding malware in pictures in this way isn't new either; it's just a method that supposedly hasn't been seen on gaming platforms before.
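For anyone who wants to check an image themselves, here is an added example (not from this article or from G Data) that walks a file's metadata segments and flags any that are both large and random-looking, which is how an encrypted blob tends to appear. It assumes the image is a JPEG, which the article doesn't specify; the function names, thresholds and test images are all made up for illustration.

```python
import hashlib, math, struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted or compressed data sits near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def metadata_segments(jpeg: bytes):
    """Yield (marker, payload) for each APPn/COM segment before the pixel data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        marker = jpeg[pos + 1]
        if jpeg[pos] != 0xFF or marker == 0xDA:  # corrupt header, or start of scan
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(jpeg):
            return  # truncated or malformed segment: stop rather than guess
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:  # APP0..APP15 and COM
            yield marker, jpeg[pos + 4:pos + 2 + length]
        pos += 2 + length

def suspicious_segments(jpeg: bytes, min_size=4096, min_entropy=7.5):
    """Flag metadata segments that are both large and statistically random-looking.

    Both thresholds are assumptions chosen for this example, not published values.
    """
    return [(f"0x{m:02X}", len(p), round(entropy(p), 2))
            for m, p in metadata_segments(jpeg)
            if len(p) >= min_size and entropy(p) >= min_entropy]

def _seg(marker: int, payload: bytes) -> bytes:
    """Build one JPEG segment: FF, marker, big-endian length (includes itself), payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed test images (not real samples): a harmless opaque blob stands in
# for an encrypted payload; the clean file carries only ordinary text metadata.
_BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))  # 8192 bytes
_HEAD = b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
_TAIL = b"\xff\xda\x00\x02\xff\xd9"  # empty scan header, then end-of-image
CLEAN = _HEAD + _seg(0xFE, b"Edited in ExamplePaint. " * 200) + _TAIL
STUFFED = _HEAD + _seg(0xE2, _BLOB) + _TAIL

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("stuffed", STUFFED)):
        print(name, suspicious_segments(img))
```

A hit is a reason to look closer rather than a verdict: embedded thumbnails are compressed too and can trip the same check.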

It's the kind of thing you can avoid by doing the usual and being sensible about what you click on. Also, I don't know who would bother downloading other players' profile pics, but on the off chance that's you, you should probably stop to be safe.

If you're interested in the technical bits, here's the link to that G Data article again where they explain in detail how the malware works.


About the Author

Imogen Beckhelling

Contributor

Imogen is a lore enthusiast and lover of all the fun shenanigans game communities get up to. She spends too much time playing Overwatch, and not enough time having interests that aren't to do with video games.
