A game recently removed from Steam has put Valve’s moderation practices under the microscope once again. Sniper: Phantom’s Resolution, an indie shooter listed on the platform, was pulled after users discovered its demo installer hosted malware that could siphon sensitive data from infected systems.
The discovery follows a similar malware incident just weeks prior, reigniting debate over how tightly Valve vets its game listings and developer access.
The malicious code wasn’t embedded in the Steam-distributed files directly. Instead, the demo was linked from the developer’s official website, which then pointed to a file hosted on GitHub. According to BleepingComputer, the installer masqueraded as a legitimate file—Windows Defender SmartScreen.exe—while quietly delivering an info-stealing payload. “This malware can exfiltrate credentials, cookies, cryptocurrency wallet data, and other personal information,” the site reported.
Windows Defender SmartScreen is a Windows security feature against malicious files and apps. It checks any attempts to download and run files and apps using a dynamic cloud-based list of reported phishing sites and malicious software sites.
Valve removed the game on March 21, 2025, following reports from users and independent researchers. However, this wasn’t the first time Steam had been used to distribute malware disguised as a game.
Developer Blames Website Hijack
Sierra Six Studios, the developer behind Sniper: Phantom’s Resolution, removed the game voluntarily, but not before offering a controversial explanation. In a since-deleted statement reported by PC Gamer, the studio insisted it had been the victim of a complex domain hijack: “a labyrinthine conspiracy”. The developers claimed a third party had gained access to their site and inserted the malicious link.
Users have reacted with skepticism. Critics point out that the developer continued to promote the demo after the malware was discovered and failed to issue any direct warnings to users. There’s no public indication that Sierra Six has reported the alleged domain hijack to authorities or provided forensic evidence.
This isn’t the first time Valve has found itself dealing with fallout from malicious content. Just one month earlier, in February 2025, the game PirateFi was taken down from Steam after researchers discovered it delivered a cookie-stealing trojan, which enabled attackers to hijack users’ sessions.
Security Measures in Place—But Are They Enough?
Valve had previously introduced security reforms in October 2023 following another malware incident in which attackers compromised developer accounts to inject malicious updates into existing games. As a result, Valve rolled out mandatory SMS-based developer verification to restrict unauthorized access to game builds.
Yet these measures did not prevent the Sniper: Phantom’s Resolution situation, since the malware came not from compromised developer access but through an external link hosted on the developer’s website. The link was listed on the game’s Steam page, exposing users to risks Valve’s internal build verification processes don’t currently address.
Steam allows developers to include external links to Discord servers, official websites, and social media channels. While intended for community engagement and support, this openness also creates an avenue for abuse if those external sources are hijacked or malicious from the start.
Valve has not issued a public statement regarding the latest incident. But according to Valve’s own security documentation, it encourages researchers and users to report vulnerabilities through its HackerOne program. Still, this approach relies heavily on post-facto detection rather than proactive moderation.
Lean Teams, Big Responsibilities
Part of the problem may stem from Valve’s famously flat structure and small team. As noted in a 2024 report by The Verge, the company had just 336 employees as of 2021—and only 79 of them were assigned to Steam. That’s an unusually small headcount for a platform serving tens of millions of users and thousands of third-party developers.
This lean operational model may limit Valve’s ability to screen new game listings in real-time or conduct more robust developer audits. Instead, the company’s moderation has largely been reactive. In both the PirateFi and Sniper: Phantom’s Resolution incidents, action was only taken after malware had already reached users.
A game called PirateFi released on Steam last week and it contained malware. Valve have removed the game two days ago.
— SteamDB (@SteamDB) February 12, 2025
Users that played the game have received the following email: pic.twitter.com/B98BFs0WbK
Independent analysts have voiced concerns for years about Valve’s hands-off approach. One PCWorld opinion piece went as far as to say: “I’m starting to worry about Steam’s lax security.” That sentiment appears to be spreading.
What Users Can Do Right Now
For affected users, experts recommend uninstalling the demo and scanning their systems with reputable anti-malware tools. Malware of this nature can exfiltrate sensitive data like saved passwords and browser cookies, potentially leading to further compromise outside of Steam.
More broadly, users are urged to be cautious when downloading game demos or files hosted off-platform—even if they’re linked from Steam. Verifying the legitimacy of links, keeping antivirus definitions updated, and limiting the storage of sensitive data in browsers can all reduce the impact of such breaches.
As for Valve, the episode has renewed calls for the company to scale up moderation efforts and possibly restrict or audit third-party links shared on its storefront. Whether the company adjusts course—or simply waits for the next incident—remains to be seen.
Last Updated on March 25, 2025 8:44 pm CET
