
System Infected: Infostealer.Staem Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects traffic related to Infostealer.Staem.

Additional Information

When the Trojan is executed, it terminates the following process:
Steam.exe

The Trojan then displays a "Steam - Fatal Error" message.

The Trojan copies itself to the following location and replaces the previous file:
%SteamDirectory%\Steam.exe

Note: %SteamDirectory% is the directory where Steam is installed.

The Trojan renames the original %SteamDirectory%\Steam.exe file to the following file name:
%SteamDirectory%\Dumper.exe

The Trojan executes the following file, which is now malicious:
%SteamDirectory%\Steam.exe

The Trojan then displays a fake login screen.

The Trojan steals any credentials entered in the fake login screen and saves them in the following location:
%SteamDirectory%\data.txt

The Trojan connects to the following remote location:
5.39.124.175

The Trojan may download and execute potentially malicious files.
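
The file names listed above can be checked for directly on a suspect host. The following Python script is an added example, not part of the Symantec signature; the function names are hypothetical and the Steam install directory is assumed to be passed in by the analyst. It reports the listed artifacts with SHA-256 hashes and runs its demo against constructed sample files.

```python
import hashlib
import os
import tempfile

# File names the description above attributes to the Trojan, relative to %SteamDirectory%.
ARTIFACTS = {
    "Dumper.exe": "renamed original Steam.exe",
    "data.txt": "file holding captured credentials",
}

def sha256_of(path):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def triage_steam_dir(steam_dir):
    """Return a list of findings; an empty list means no listed artifact was found."""
    findings = []
    # Windows file names are case-insensitive, so compare lowercased names.
    present = {name.lower(): name for name in os.listdir(steam_dir)}
    for artifact, meaning in ARTIFACTS.items():
        actual = present.get(artifact.lower())
        if actual:
            findings.append({"file": actual, "reason": meaning,
                             "sha256": sha256_of(os.path.join(steam_dir, actual))})
    # If the renamed original is present, the current Steam.exe is the suspect copy:
    # record its hash so it can be compared with a known-good build.
    if "dumper.exe" in present and "steam.exe" in present:
        steam = os.path.join(steam_dir, present["steam.exe"])
        findings.append({"file": present["steam.exe"],
                         "reason": "Steam.exe present alongside Dumper.exe; treat as replaced",
                         "sha256": sha256_of(steam)})
    return findings

def demo():
    """Run the check against a constructed directory (sample files, not real malware)."""
    with tempfile.TemporaryDirectory() as steam_dir:
        for name, body in (("Steam.exe", b"constructed-a"), ("Dumper.exe", b"constructed-b"),
                           ("data.txt", b"constructed-c")):
            with open(os.path.join(steam_dir, name), "wb") as handle:
                handle.write(body)
        return triage_steam_dir(steam_dir)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A match on these names is a lead for further analysis, not a verdict; the hashes let the files be compared against known-good Steam builds.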

Affected

  • Various Windows platforms.