New Steam Spam Campaign Is Now Leading To Malware
The reuse of passwords across several websites has become a contentious issue, especially given the number of hacks and data breaches that have surfaced over the last few months. The practice alone puts people's online lives at risk, as evidenced by the recent Steam spam campaign.
Since last week, gamers who use Steam have been warning each other over social media about a new spam campaign that tries to coax them into downloading malware onto their PCs. Through the malware, the attackers would then be able to take over their devices. Gamers who do not have two-factor authentication turned on might have a problem.
The spam campaign starts with a hacker trying to take over a Steam account. The takeover might be possible because there have been many data leaks recently, so hackers can try many different password combinations for one person. Some of the data breaches even included plaintext passwords.
This is where two-factor authentication comes in: even if attackers can reuse a password they obtained from another data breach, they would still need a second password to enter the site. For accounts without two-factor authentication, the hackers can log in and then spam the victim's friends with malicious links.
The messages come from a trusted source, so recipients have no reason to be suspicious and will click on the link. In the recent spam campaign, the link leads to a download page that claims to host a video of recorded CS:GO gameplay and tells the user to install Flash Player to watch it. Fake Flash Player installers are frequently laced with malware, and this is a trick used to get gullible people to download it.
Lawrence Abrams of Bleeping Computer said that in this particular case, users would be downloading an executable file that ran a PowerShell script and installed the NetSupport Manager remote control software. NetSupport is legitimate software similar to TeamViewer that lets users connect to remote computers. Attackers only have to authenticate on the server and they can take control of the PC.
He also recommended that Steam gamers check for the presence of a folder named %AppData%\lappclimtfldr, because if it exists they are probably infected.
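The folder check recommended above can be run across every user profile on a shared PC. The following PowerShell is an added example, not code from Bleeping Computer or from the original article. It assumes that profiles live under the system drive's `Users` directory and that it is run from an elevated prompt so other users' profiles are readable; the function name `Find-IndicatorFolder` is made up for this example.

```powershell
# Added example: triage check for the folder named in the article.
# Assumption: %AppData% resolves to <profile>\AppData\Roaming for each user.
$IndicatorFolder = 'lappclimtfldr'   # folder name taken from the article

function Find-IndicatorFolder {
    param(
        [string]$UsersRoot  = (Join-Path $env:SystemDrive 'Users'),
        [string]$FolderName = $IndicatorFolder
    )
    # Walk every profile directory, including hidden ones, and test for the folder.
    Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $candidate = Join-Path $_.FullName (Join-Path 'AppData\Roaming' $FolderName)
            if (Test-Path -LiteralPath $candidate -PathType Container) {
                Get-Item -LiteralPath $candidate -Force
            }
        }
}

$hits = @(Find-IndicatorFolder)
if ($hits.Count -eq 0) {
    Write-Output "No '$IndicatorFolder' folder found under any user profile."
    return
}

foreach ($dir in $hits) {
    Write-Output "FOUND: $($dir.FullName) (created $($dir.CreationTime))"
    # Record each file with its SHA-256 so the evidence can be handed to
    # antivirus or incident response before anything is deleted.
    Get-ChildItem -LiteralPath $dir.FullName -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path     = $_.FullName
                Size     = $_.Length
                Modified = $_.LastWriteTime
                SHA256   = $h.Hash   # empty if the file is locked by a running process
            }
        } | Format-Table -AutoSize
}
```

A hit is a reason to disconnect the machine and change the Steam password from a different device; the folder's creation time helps narrow down which message delivered the link.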