Malware attack possibly through Steam?
IMPORTANT: There's been a small group of others suddenly commenting with the same issue, so this could actually be a Steam vulnerability. I'm still unsure (and haven't experienced any more attacks) but if anybody has more proof feel free to comment and I'll try to add it to the main post. Hopefully this will get someone important's attention because it's starting to look less and less like a coincidence.

New update: So as of 3/30, I'm getting more people responding about this cloud server coming up as malware in their AV systems. It seems like there are two possibilities right now: either A. there's been a change in Valve's cloud system recently and it is coming through the program wrong, causing it to be branded as malware or B. one of Steam's chosen cloud servers is being affected in some way by outside software and that is why the connections are being quashed and reported by antivirus. Hopefully someone can get Steam Support to look at this, because it's affecting multiple game cloud saves and causing chaos and concern for us.

About 2 hours ago, I randomly started up Team Fortress 2 to play. Nothing was different or unusual, but suddenly during a couple of rounds I received not one but two alerts from my Antivirus that something it labeled as malware was attempting to access my computer... through steam. It clearly stated that the source was Steam.exe, which is extremely odd. Not long after the second triggered I quickly stopped playing and verified the game, which turned up nothing.

The alerted program itself was listed as "objectstorage.us-sanjose-1.oraclecloud.com" and flagged as malware, but I have no idea where it came from or what it was doing on there. Please don't click this link, the websites that were offered when I searched it were sketchy and I didn't access any of them.

It really seems like this came directly through Steam itself, thankfully my antivirus smashed it flat before it could do anything. From what I can tell the program is a simple phishing scam that can be pushed through infected files though, so I'm kind of worried. Anybody have any good ideas? I wanted to report this directly to Steam... but that's kind of difficult, it seems.

Update: I completed a full scan of my main drive, and the only thing the antivirus picked up was a random libcef.dll in my downloads which was an obvious false positive (and hadn't been touched in almost a year anyways). I'm now running a scan on my external drive just to check. My antivirus that blocked the initial response was Avast Free Antivirus.
Yes, I'm aware of false positives; they have happened before. This isn't anything like the ones that I encountered. I have never had any connection terminations come through Steam before, so if it is a false alarm then it's the first time I've ever had it happen. This connection was also not directly tied to the game, as it had no visible effect other than to suddenly take me out of the game window and scare the crap out of me. After some further searching, I can also confirm that there are no other posts about this particular phishing program here (at least right now in this forum) or on r/steam.
External drive came back clean after a long scan. Looks like whatever it is either didn't make it on my computer or is undetected. I do have a theory though: the wifi system that I was on has a couple of security flaws which include an open port. It makes me wonder if the attack came through the port while it was in use by Steam and that's why it registered it that way. Regardless, nothing has happened yet and Avast hasn't blocked anything since then so it seems like everything is ok.
Last edited by Muzik Maniac; 30 Mar 2022 at 1:07
Showing 1-15 of 24 comments
Do a full scan of your system. I doubt it was from Steam.
Last edited by my new friend; 16 Mar 2022 at 21:33
Originally posted by my new friend:
Do a full scan of your system. I doubt it was from Steam.

I am currently doing so with two different systems I have, but the one that detected it is generally accurate with the location. Believe me, if I had enough doubt about where it came from then this post would never have occurred. Fingers crossed though.
there is a high chance of False Positive.

kindly provide what Anti Virus and/or Anti Malware program you are using here please.

there are several Anti Virus and Anti Malware programs that cause False Positives.

in other words

1) Anti virus and anti malware programs will deem some games like Dota 2, CS:GO, PUBG ... etc. to contain Malware or virus, but in Truth, these games don't have it at all.
The program that triggered the alarm was Avast Free Antivirus. I know that it has some issues with games occasionally, but these two alerts were the only time I've ever had Avast trigger on a game without completely shutting the game down. False positives certainly exist, but this is a unique case since this is a game I play fairly regularly; I feel like it should have popped up before, and as far as I know TF2 hasn't had a major update (or localization files change even) for a couple months so nothing new should be having an effect.
Originally posted by Muzik Maniac:
The program that triggered the alarm was Avast Free Antivirus. I know that it has some issues with games occasionally, but these two alerts were the only time I've ever had Avast trigger on a game without completely shutting the game down. False positives certainly exist, but this is a unique case since this is a game I play fairly regularly; I feel like it should have popped up before, and as far as I know TF2 hasn't had a major update (or localization files change even) for a couple months so nothing new should be having an effect.

it is known for multiple Years that Avast Anti Virus causes False Positives on Steam.

to prevent that from happening

here is the only method

1) kindly add the Steam Games you are going to play including Steam Platform to your Avast Antivirus "exception list".

-------------------------------------------------------------------------------

someone complained about Avast antivirus program several days ago.

https://www.reddit.com/r/Steam/comments/8zbkz8/avast_steam_epic_games_false_positives/
I'm all too aware of Avast's history with Steam (it once quarantined the base program for Dying Light, getting that back was quite a trip). However: I've made sure that things are properly set so that more incidents like that would hopefully never happen again. If it is a false positive, it's the first that I have had in more than a year, it has triggered on something that was not a necessity for the game to run, and the listed url/program is something I've never seen or heard of until now.
Was it a file or a connection?
If it's a random file, upload it to virustotal.

If it was a connection, report the detection to the antivirus company.



Originally posted by no154370:
it is known for multiple Years that Avast Anti Virus causes False Positives on Steam.
Without knowing what or what kind it detected you cannot go by a generic conclusion of the past.
Originally posted by Muppet among Puppets:
Was it a file or a connection?
If it's a random file, upload it to virustotal.

If it was a connection, report the detection to the antivirus company.



Originally posted by no154370:
it is known for multiple Years that Avast Anti Virus causes False Positives on Steam.
Without knowing what or what kind it detected you cannot go by a generic conclusion of the past.

From what I can tell it was an aborted connection attack. I tried to research it on my own, but it's such an obscure program that it was only listed on websites that leaned into the technical heavy explanations; as far as I can tell, the program piggybacks on files and connections to spread around and steal information.

I can't really report it to Avast (if there's one thing they are NOT good at it is customer accessibility), but their program detected and blocked the attack so I'm guessing it was in their data banks somewhere already.
It's always good to "write down" the full name of the detection.

What does the avast log or so say about that?
Originally posted by Muppet among Puppets:
It's always good to "write down" the full name of the detection.

What does the avast log or so say about that?

Unfortunately this attack was registered under the "Alert" system, which means that since I viewed the alert there is only a basic description left over (before you ask, there is no log. I checked). That description says "We've safely aborted connection on objectstorage (full name in op, not rewriting it) because it was infected with URL:Mal". I do remember seeing from the original alert that the program detected the source as being Steam, something along the lines of steam/steam.exe but due to the alert system I can't verify that information any more.
Originally posted by Muzik Maniac:
I'm all too aware of Avast's history with Steam (it once quarantined the base program for Dying Light, getting that back was quite a trip). However: I've made sure that things are properly set so that more incidents like that would hopefully never happen again. If it is a false positive, it's the first that I have had in more than a year, it has triggered on something that was not a necessity for the game to run, and the listed url/program is something I've never seen or heard of until now.
It doesn't matter. You CANNOT set to remove false positives. That's not something you can do to that degree.

I get these from time to time. Obviously the more games you have, the greater the chance of this happening too.

You can rest assured they are false positives by this simple metric - CHECKING HERE ON THESE FORUMS.

If you see a ♥♥♥♥♥♥♥♥ of similar posts saying something's gone awry then something dodgy has happened. Otherwise no, it's a false positive.

And to date, that ♥♥♥♥ has never happened.
Scan with malwarebytes or something else more trusted.
Eset is good as well. I'm not sure exactly which is good and which isn't, but I do know Avast is .... questionable. And mcafee / norton are both trash level
Panda might be .... okay-ish but a bloated bulk of nonsense. (needs more testing I guess)

To answer the question, yes it is possible to put malware on a content delivery network. Discord's cdn is filled with malware. Steam at least attempts to detect these things.
(they even have some bounties for whitehat hackers)
so on Steam's cdn it's a lot harder to achieve.

That said, I don't think Steam uses oracle cloud as a cdn partner, so I find the link suspicious on that alone.
Originally posted by Elucidator:
Scan with malwarebytes or something else more trusted.
Eset is good as well. I'm not sure exactly which is good and which isn't, but I do know Avast is .... questionable. And mcafee / norton are both trash level
Panda might be .... okay-ish but a bloated bulk of nonsense. (needs more testing I guess)

To answer the question, yes it is possible to put malware on a content delivery network. Discord's cdn is filled with malware. Steam at least attempts to detect these things.
(they even have some bounties for whitehat hackers)
so on Steam's cdn it's a lot harder to achieve.

That said, I don't think Steam uses oracle cloud as a cdn partner, so I find the link suspicious on that alone.

I did end up downloading Malwarebytes and running a full scan, but nothing came up. My guess is that something tried to connect through Steam or through an open port issue on the Wifi I was on but was blocked (Avast is paranoid but effective). I haven't seen anything else since then about it, so I don't really have enough info to draw a conclusion.
Just happened to me tonight.

Picked up by Eset Endpoint Antivirus. It continued to make attempts every few minutes while steam was in the task bar. I don't have Steam set to start on boot, and this attack happened as soon as I fired up Steam. Now I'm annoyed by the notice every two minutes even in a game. This is definitely coming from the Steam program.
I'm getting the same thing, NOD32 picked it up. oraclecloud
Posted: 16 Mar 2022 at 21:30
Posts: 24