If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Watch out: profile images on Steam could contain malware

Be wary downloading pics from Valve's platform

Naughty people are reportedly hiding malware in Steam profile images, so go careful what you download from Valve's gaming platform. Named SteamHide, the malware isn't the picture itself, but is tucked away in its metadata, waiting to be activated by a separate malware downloader. It's not something to worry about if you're using Steam normally - you'd need to be clicking on dodgy emails or visiting dubious websites to even get the extra necessary malware to activate the Steam stuff - but it's worth keeping an eye on, just in case.

According to G Data, "malicious users" are specially crafting profile images to contain malware. Because of the way it's created, the malware can't be detected by antivirus software. These images can't do much on their own though, G Data says it's "payload" malware that requires even more malware to activate it.

Basically, you'd need to have downloaded some other bit of nasty malware (from rotten websites or spam emails) that would act as a decrypter. Damage can only be caused with both bits of malware.

"It should be noted that in order to become a target for this method, no installation of Steam - or any other game platform - is required. The Steam platform merely serves as a vehicle which hosts the malicious file," G Data say.

"The heavy lifting in the shape of downloading, unpacking and executing the malicious payload is handled by an external component which just accesses the profile image on one Steam profile. This payload can be distributed by the usual means, from crafted emails to compromised websites."

G Data emphasises that Steam users aren't at an increased risk of infecting their devices just by having Steam installed - even opening one of these modified images in a viewing application won't infect your PC. Hiding malware in pictures in this way isn't new either, it's just a method that supposedly hasn't been seen on gaming platforms before.

It's the kind of thing you can avoid by doing the usual and being sensible about what you click on. Also, I don't know who would bother downloading other players' profile pics, but on the off chance that's you, you should probably stop to be safe.

If you're interested in the technical bits, here's the link to that G Data article again where they explain in detail how the malware works.

Tagged With

About the Author

Imogen Beckhelling avatar

Imogen Beckhelling

News Writer

Imogen is a lore enthusiast and lover of all the fun shenanigans game communities get up to. She spends too much time playing Overwatch, and not enough time having interests that aren't to do with video games.

Support Rock Paper Shotgun

Subscribe and get access to supporter-only articles, an ad-free reading experience, free gifts, and game discounts. Your support helps us create more great writing about PC games.

See more information

More News

Latest Articles

Rock Paper Shotgun logo

We've been talking, and we think that you should wear clothes

Total coincidence, but we sell some clothes

Rock Paper Shotgun Merch