Be careful what you click. You might think you've found a cool-looking new game on Steam, but it could be computer-infesting malware in disguise. Yeah, scammers are imitating entire game pages now.
Over the weekend, the makers of psychedelic adventure game Octopus City Blues were surprised to discover a perfect copy of their Steam page (warning: the "demo" download on that page contains malware) sitting in the "concepts" section of Steam. Name, trailer, screenshots, description—everything. There was, however, one big difference between the eight-legged clone and developer Ghost In A Bottle's original slab of steamed cephalopod: updates that advertised an exciting new demo. Seven levels! An hour of playtime! They even mentioned the game's very not-fictional Kickstarter. Clearly, these jerks did their homework.
Clicking the link, obviously, is a terrible idea. It goes to a malware-ridden download site. As soon as Ghost In A Bottle caught wind of this, they reported it to Valve and asked their fans to do the same. Days later, however, the page is still up, as is the extremely deceptive malware link. Nothing has changed.
"I reported the page and mentioned that I'm the creator of the original Greenlight page, and asked fans to report it as well, but it's still up as you can see," Octopus City Blues designer Firas Assaad told me via email. "There were a few comments on the fake page warning people, but it seems that they were deleted. If it stays up I might send a DMCA complaint since companies take them more seriously."
This is not the only instance of this occurring recently, either. The makers of beat-'em-up Street Fist 2 have reported similar troubles:
Meanwhile, the creator of the fake Octopus City Blues page has one other game listed in Steam's concepts section. This one is an illicit copy (warning: do not click the public beta download on that page) of RPG Garlock Online's page, and it advertises a public beta that, predictably, leads to a malware link. That one appears to have been up in various forms since late-March.
So yeah, be careful. It seems like people are out to take advantage of the fact that Valve isn't doing much about this type of scam yet. I've requested comment from Valve, but as of publishing time they hadn't replied. Here's hoping they squash this scam faster than they've squashed, er, all the others, though.
Update 1: A similar incident occurred last month with multiple Steam Greenlight (as opposed to Steam Concepts) entries. Valve's community moderators handled that problem after Valve caught wind of the issue. Here's hoping the same happens here, sooner rather than later. Clearly, though, a long-term solution is needed.
Update 2 (6:45 PM): Valve sent me the following message: "We have removed the malicious links and taking further steps to deal with anyone involved with posting these links."
