
The Steam game store recently removed the title Sniper: Phantom’s Resolution following multiple user reports, after it was discovered to contain malware designed to steal personal information.
Prior to its removal, the game’s developer, Sierra Six Studios, had issued a warning urging players not to download the game from sources outside Steam due to potential security risks—though ironically, the Steam version itself was also compromised.
Players who installed the game found that its assets and descriptions had been lifted from other titles, and were prompted to download an installer from an external GitHub repository. This so-called demo included commercial-grade attack tools.
Analysis revealed that the installer, misleadingly named Windows Defender SmartScreen.exe, contained a privilege escalation tool, a Node.js wrapper, and the widely known HTTP debugger Fiddler—a legitimate application—used here for nefarious purposes such as cookie interception.
The malware executed several Node.js scripts which were rapidly terminated to evade detection. It also achieved persistence by creating a startup task that launched a script named creatShortcut.vbs.
An account on GitHub, identified as arda1337, was found hosting encryption tools and a Telegram bot toolkit. Following user reports, GitHub swiftly removed the malicious repositories, and Valve followed suit by delisting the game from Steam.
As for the developer’s website, SierraSixStudios.dev, it is currently offline and no longer resolves—though it remains unclear whether this is due to intentional action by the developer or the result of a separate compromise involving malicious actors.
Regardless of the cause, any players who downloaded Sniper: Phantom’s Resolution are strongly advised to delete the game immediately and perform a comprehensive scan using reputable antivirus software. If necessary, a complete system reinstallation may be warranted to ensure security.
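For anyone checking a machine that ran the game, the behaviours described above can be expressed as three detection rules. The following Python function is an added example, not part of the original report or any vendor's tooling; it runs over constructed process-creation events whose field names, paths, PIDs and the two thresholds are assumptions, while the file names are the ones the article gives.

```python
from collections import Counter

# File names come from the article; the two thresholds are assumptions.
FAKE_INSTALLER = "windows defender smartscreen.exe"
PERSISTENCE_SCRIPT = "creatshortcut.vbs"
SHORT_LIVED_SECS = 5   # assumed cut-off for a "rapidly terminated" node.exe
BURST_COUNT = 3        # assumed number of such processes under one parent

def basename(path):
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def hunt(events):
    """Return sorted (rule, pid) findings; events are dicts built by _ev()."""
    findings = set()
    short_node = Counter()
    for ev in events:
        name = basename(ev["image"])
        if name == FAKE_INSTALLER:
            findings.add(("fake_smartscreen_installer", ev["pid"]))
        if PERSISTENCE_SCRIPT in ev["cmdline"].lower():
            findings.add(("startup_vbs_persistence", ev["pid"]))
        if name == "node.exe" and ev["end"] - ev["start"] <= SHORT_LIVED_SECS:
            short_node[ev["ppid"]] += 1
    # Report the parent that spawned a burst of short-lived node.exe children.
    for ppid, count in short_node.items():
        if count >= BURST_COUNT:
            findings.add(("short_lived_node_burst", ppid))
    return sorted(findings)

def _ev(pid, ppid, image, cmdline, start, end):
    return dict(pid=pid, ppid=ppid, image=image, cmdline=cmdline, start=start, end=end)

# Constructed sample telemetry; paths, PIDs and timings are invented.
SAMPLE_EVENTS = [
    _ev(100, 50, r"C:\Users\a\Downloads\Windows Defender SmartScreen.exe", "", 0, 120),
    _ev(201, 100, r"C:\Users\a\AppData\Local\Temp\node.exe", "node.exe a.js", 1, 2),
    _ev(202, 100, r"C:\Users\a\AppData\Local\Temp\node.exe", "node.exe b.js", 3, 5),
    _ev(203, 100, r"C:\Users\a\AppData\Local\Temp\node.exe", "node.exe c.js", 6, 7),
    _ev(300, 60, r"C:\Windows\System32\wscript.exe", r'wscript.exe "C:\Users\a\creatShortcut.vbs"', 200, 201),
    _ev(400, 61, r"C:\Windows\System32\smartscreen.exe", "smartscreen.exe", 10, 900),
    _ev(500, 70, r"C:\Program Files\nodejs\node.exe", "node.exe server.js", 20, 620),
]

if __name__ == "__main__":
    for rule, pid in hunt(SAMPLE_EVENTS):
        print(rule, pid)
```

The genuine `smartscreen.exe` in System32 and the long-running `node.exe` in the sample are benign controls and produce no finding.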