Security firm Malwarebytes reported that it has discovered a fake version of the Razer Comms app, a popular VoIP and messenger tool for Android and Windows. The firm didn't specify how it came across the malicious app, but it indicated that the Windows client is the only Razer Comms version that's infected so far.
According to the firm, the infected app resides on "steamccommynity(dot)com." This web page looks exactly like the original site hosted by Razer and offers both the Android and Windows PC links. Clicking the Android link takes users to Google Play to download the unaffected app. Clicking the Windows link delivers a bogus file called "image.scr."
As the file name suggests, the bogus file poses as a Windows screensaver; the actual download from Razer's server is "RazerComms5.5.14.exe" at press time, weighing in at a mere 92.4 MB. The security firm said that ".scr" files are rather common when it comes to bogus trading scams within games.
"The file is rather erratic, occasionally popping a screensaver box after executing – but always firing a .NET framework error message, which needs to be on the system for the .scr to run in the first place," said Malwarebytes intelligence analyst Steven Boyd. "We didn't see any data being stolen during testing – most likely due to the errors – but that doesn't mean a more reliable file won't replace it at some point down the line."
Malwarebytes said that parts of the code are similar to those seen in another password-stealing file. There's also a URL in the code that leads to a number of places, including a login page for Steam phishing tools, a Russian gaming portal that includes tons of threads related to hacking, and an image file listing the services from the group behind the malware.
"In most cases that we see, the name of the game is luring the victim outside of the trade system window. If you're being sent links to 'previews' of items in Steam chat by strangers who started messaging you ten minutes ago? You may be on your way to a bad day," Boyd added.
In addition to the Malwarebytes report, Razer tossed over an official statement to Tom's Hardware:
With its increased popularity (over 1 million users), Razer Comms has become a target for cybercriminals. There are multiple sites that try to imitate the look of Razer's official pages in an effort to spread malware to gamers around the world. To avoid doing so, Razer encourages all users to ensure they are on an official sub-URL of www.razerzone.com. The URLs and look of the offending websites are similar, so caution is advised. To download the official version of Razer Comms, go to www.razerzone.com/comms/. Razer is against all forms of unnecessary programs and malware, and ships its Razer Blade and Blade Pro laptops bloatware-free.
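The two checks this story points to, confirming the download page is really on www.razerzone.com and noticing that a screensaver file is being served where an installer is expected, can be written as a small pre-download check. This is an added example, not code from Malwarebytes, Razer or the original article; the function name, the extension list and the lookalike ".example" hosts are constructed assumptions.

```python
from urllib.parse import urlsplit
import posixpath

OFFICIAL_HOST = "www.razerzone.com"  # host named in Razer's statement
EXPECTED_EXT = ".exe"                # the genuine installer in the article is an .exe
# Assumption: file types Windows runs as programs that are not normal installers.
# .scr is the type the fake page serves.
RUNNABLE_NOT_INSTALLER = {".scr", ".pif", ".com", ".bat", ".cmd"}


def check_download(page_url, file_name):
    """Return a list of findings; an empty list means nothing looked wrong."""
    findings = []
    parts = urlsplit(page_url)
    host = (parts.hostname or "").lower().rstrip(".")

    if parts.scheme not in ("http", "https"):
        findings.append("unexpected or missing URL scheme")

    # "http://www.razerzone.com@other.example/" displays the official name,
    # but the real host is whatever follows the "@".
    if parts.username or parts.password:
        findings.append("URL carries userinfo before the host")

    # Exact match only: a suffix or substring test would accept
    # "www.razerzone.com.lookalike.example" or "razerzone.com-login.example".
    if host != OFFICIAL_HOST:
        findings.append("host %r is not %s" % (host, OFFICIAL_HOST))

    # Only the last extension decides how Windows opens the file,
    # so "image.jpg.scr" is still a .scr.
    ext = posixpath.splitext(file_name.lower())[1]
    if ext in RUNNABLE_NOT_INSTALLER:
        findings.append("%s runs as a program but is not an installer" % ext)
    elif ext != EXPECTED_EXT:
        findings.append("unexpected file type %r" % ext)
    return findings


if __name__ == "__main__":
    # Constructed samples; the lookalike hosts are placeholders, not real sites.
    samples = [
        ("http://www.razerzone.com/comms/", "RazerComms5.5.14.exe"),
        ("http://www.razerzone.com.lookalike.example/comms/", "image.scr"),
        ("http://www.razerzone.com@lookalike.example/comms/", "RazerComms5.5.14.exe"),
    ]
    for url, name in samples:
        print(url, name, check_download(url, name) or "ok")
```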