A malicious user exploited the somewhat open submission structure of Steam's Greenlight section over the weekend to briefly hide malware links in cloned versions of legitimate game pages.
Polygon reports that a Steam user going by the handle bluebunny14 posted copies of pages for five games to the Steam's Greenlight section over the weekend. The cloned pages copied the text, screenshots, and videos of existing Greenlight games, including Melancholy Republic and The Maze, to look exactly like legitimate titles seeking attention in Steam's fan-voting area. But the cloned versions of the pages also included links to purported "beta version" links for the games that instead linked users to what Polygon calls "a known Trojan."
After being posted Sunday, the malicious links were reportedly removed by early Monday, and the cloned game pages themselves reportedly removed by Monday afternoon. "Community members alerted us of the situation over the weekend by flagging the content," saidĀ Valve's Doug Lombardi in a statement. "Our Community Moderators responded quickly by removing all malicious links from the fake Greenlight material and then we banned the submissions. We are taking further steps to deal with anyone involved in posting the links. We'd like to thank those who reported the issue in addition to our Community Moderators, and we encourage everyone to report any suspicious activity in the future by using the flag icon located throughout the Steam Community."