1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. System Infected: Infostealer.Staem Activity

System Infected: Infostealer.Staem Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects traffic related to Infostealer.Staem

Additional Information

When the Trojan is executed, it will terminate the following file:

The Trojan will then display "Steam - Fatal Error" message.

The Trojan copies itself to the following location and replaces the previous file:

Note: %SteamDirectory% is the directory where Steam is installed.

The Trojan renames the original %SteamDirectory%\Steam.exe file to the following file name:

The Trojan executes the following file, which is now malicious:

Then Trojan displays a fake login screen.

The Trojan steals any credentials entered in the fake login screen and saves them in the following location:

The Trojan connects to the following remote location:

The Trojan may download and execute potentially malicious files.


  • Various Windows platforms.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube