Malwarebytes Discovers Fake Voice Chat Website

Fake Steam Voice Chat website serving malware

Gamers belonging to the Steam online gaming community are once again being targeted by malware attacks only this time the cyber criminals are using a fake version of the Razer Comms voice chat service to spread the malware.

Malware discovery dedicated website, Malwarebytes has discovered a fake Steam Community URL, steamccommynity(.)com. The website, Malwarebytes says, replicates the Razer Comms website and offers phishing links masquerading as click-throughs to various in-game items for Steam users.

Malwarebytes researcher Christopher Boyd stated on the blog post that, "The site functions in a similar fashion to the real [Razer Comms site], along with linking to the (legit) mobile app on the Google Play store. Clicking the Windows download button however will serve potential victims a bogus file instead of the actual Razer Comms executable."

Malwarebytes notes that the website is not quite done as of yet and contains a lot of errors, which is why it has failed in its spyware mission.

"We didn't see any data being stolen during testing - most likely due to the errors - but that doesn't mean a more reliable file won't replace it at some point down the line," Boyd said. 

Malwarebytes said that the malware on the website  is similar to a file associated with password theft on VirusTotal. The website also contains some sort of “Steam Fishing Tools.”

Malwarebytes traced the malware authors back to a Russian gaming portal.  This gaming portal offers a whole host of hacking services to users and  includes “downloading all logs in the temp txt file,” “issuing additional accounts for the spammer,” “fake geolocation,” “selection of languages,” “ban protection” in relation to using Google Chrome and the potential for “Kriptovat virus.”

The gaming portal is also quite expensive, the Russian hacking gang demands upto 1,000 WMR per week for their services, or 3,500 for a month.

"WMR appears to be a form of secure online payment, though I'm not familiar with it at all and hesitate to give an equivalent total to the kind of real world money you'd hide under the bed," said Boyd. 

WMR according to Russian Wiki page is some sort of exchange medium over the Internet.

Boyd has stated that gaming offer a nice click bait for the malware handlers/authors as the gamers community is spread far and wide.

"In most cases that we see, the name of the game is luring the victim outside of the trade system window," he said.  "If you're being sent links to 'previews' of items in Steam chat by strangers who started messaging you ten minutes ago? You may be on your way to a bad day. Whether we're dealing with links to executables, so-called pictures of in-game items which turn out to be .scr files, login pages asking you for credentials and/or uploads of your SSFN, you should do your very best to avoid them all." 

If you are a gamer, stay off the untrusted pages or links offering something for free. 

Benjamin Manleymalwarebytes