Incident

Steam removes game demo distributing Information-Stealing malware

Take action: If you downloaded the "Sniper: Phantom's Resolution" game from Steam, immediately uninstall it and run a full system scan with your antivirus software. Then change passwords for all important accounts and monitor them for suspicious activity. Ideally, format the system.



Valve has removed the game "Sniper: Phantom's Resolution" from its Steam platform after multiple users reported that the demo installer infected their systems with information-stealing malware. The game, published under the developer name "Sierra Six Studios," was marketed as an early preview of a title planned for full release in the coming months.

Users became suspicious of the game after noticing several red flags:

  • Game assets and descriptions appeared to be copied from other titles
  • Players were directed to download the demo installer from an external GitHub repository instead of directly through Steam
  • The installer file was deceptively named "Windows Defender SmartScreen.exe"

Reddit users discovered that the installer contained several malicious components:

  • Commodity attack tools
  • A privilege escalation utility
  • A Node.js wrapper
  • The "Fiddler" tool, which can intercept cookies

The malware employed evasion techniques, executing and quickly terminating Node.js scripts to avoid detection. It also established persistence by creating a startup task via a script named "createShortcut.vbs."
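The following is an added example, not code from the original report or from any vendor. It shows how the indicators named above could be checked against process-creation telemetry. The event records, field names, paths and burst thresholds are constructed assumptions; only the two file names come from the report.

```python
from collections import Counter
from ntpath import basename, normcase

# Constructed process-creation records (not real telemetry); field names,
# paths, parents and lifetimes are assumptions made for this example.
EVENTS = [
    {"image": r"C:\Users\a\Downloads\Windows Defender SmartScreen.exe",
     "cmd": '"Windows Defender SmartScreen.exe"', "parent": "explorer.exe", "life_s": 40.0},
    {"image": r"C:\Windows\System32\smartscreen.exe",
     "cmd": "smartscreen.exe -Embedding", "parent": "svchost.exe", "life_s": 300.0},
    {"image": r"C:\Windows\System32\wscript.exe",
     "cmd": r'wscript.exe "C:\Users\a\AppData\Local\Temp\createShortcut.vbs"',
     "parent": "node.exe", "life_s": 1.2},
    {"image": r"C:\Program Files\nodejs\node.exe", "cmd": "node server.js",
     "parent": "Code.exe", "life_s": 3600.0},
] + [
    {"image": r"C:\Users\a\AppData\Local\Temp\node.exe", "cmd": f"node script{i}.js",
     "parent": "Windows Defender SmartScreen.exe", "life_s": 0.4}
    for i in range(3)
]

# The genuine SmartScreen binary is smartscreen.exe in System32.
LEGIT_SMARTSCREEN = normcase(r"C:\Windows\System32\smartscreen.exe")
SHORT_LIVED_S = 2.0  # assumption: "quickly terminating" means under 2 seconds
MIN_BURST = 3        # assumption: 3+ short-lived node.exe runs from one parent

def detect(events):
    """Return (rule, detail) findings for the behaviours the report describes."""
    findings, bursts = [], Counter()
    for ev in events:
        image = normcase(ev["image"])
        name = basename(image)
        # Rule 1: executable borrowing the SmartScreen name from the wrong path.
        if "smartscreen" in name and image != LEGIT_SMARTSCREEN:
            findings.append(("masquerade", ev["image"]))
        # Rule 2: Windows Script Host launching the persistence script.
        if name in ("wscript.exe", "cscript.exe") and "createshortcut.vbs" in ev["cmd"].lower():
            findings.append(("startup-script", ev["cmd"]))
        # Rule 3: count node.exe processes that exit almost immediately, per parent.
        if name == "node.exe" and ev["life_s"] < SHORT_LIVED_S:
            bursts[normcase(ev["parent"])] += 1
    for parent, count in bursts.items():
        if count >= MIN_BURST:
            findings.append(("node-burst", f"{parent} x{count}"))
    return findings

if __name__ == "__main__":
    for rule, detail in detect(EVENTS):
        print(f"{rule:15} {detail}")
```

The genuine `smartscreen.exe` and the long-running `node server.js` process in the sample data produce no findings, which is the false-positive case the path and lifetime checks are there to handle.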

Further investigation revealed that the same developer profile on GitHub, identified as "arda1337" (account deleted), hosted cryptocurrency tools and Telegram bot toolkits. Following the discovery and subsequent reports, the developer's website at "sierrasixstudios[.]dev" has been taken offline.

GitHub removed the malicious repository after receiving user reports. Valve subsequently deleted the game from Steam on March 21, 2025.

Ironically, just one day before the game was pulled, the developers had warned players about downloading the game from websites or links outside of Steam due to potential security risks, even though the Steam version itself contained malware.

This incident occurs approximately one month after another security breach on Steam, where a game called "PirateFi" was used to distribute the Vidar information-stealing malware. That game reportedly had been downloaded by up to 1,500 users.

Users who installed "Sniper: Phantom's Resolution" are likely to have infected their computers with malware. Security experts recommend that these users:

  1. Uninstall the title immediately
  2. Run a full system scan to remove any remaining malicious files
  3. Monitor accounts for suspicious activity

The exact number of users affected by this malware distribution campaign and the specific types of information targeted by the malware have not been disclosed in the available information.

 
