A New Batch of Voice Comms Stealers...

A New Batch of Voice Comms Stealers…

Voice Comms have slowly but surely become a popular target of scams in the past [1], [2], as gamers hope to make use of the fastest and best types of team-chatter available in their quest to no-scope an endless procession of noobs (technical term).

We’ve seen a number of websites sharing the same design over the last few days, claiming to offer up a type of Voice Comm with an executable served up from Google Drive. The sites ask visitors to download the file named after the site they happen to be on – so, “Download Clean Talks”, or “Download Simple Vox”, for example.

Some URLs which follow the same design/ Google Drive download template:

air-vox(com) clean-talks(dot)com simple-vox(dot)com

There are a number of other sites which may be related but are currently down.

Loading up the Air-Vox website, we can see it looks as slick and well designed – likely an attractive sight to a passing gamer wanting a quick and easy VoIP tool.

Voice comm website
Voice comm download

When you see references to “Steam Guard”, “Stealer” and “SSFN” in the code you’re typically dealing with a Steam Stealer, and users of Malwarebytes Anti-Malware will find we detect this file as Trojan.Agent.CRPT.Gen. Clean-talks.exe and simple-vox_v.1.5.5_beta.exe fall under the name of Trojan.FakeSteam [1], [2].

One slight variation on the theme would be

gamespeak(dot)net

which is offline, though we were able to retrieve a copy via Google Cache:

The Gamespeak URL is unique in that the file served (currently unreachable) was served up from Dropbox instead of Google Drive like the others.

In all cases, gamers on the lookout for reliable Voice Comms tools should stick to lists of reputable programs, asking on gaming forums should they see a file doing the rounds they’re not familiar with. It’s the easiest thing in the world to download a random file and run it – things aren’t quite so straightforward where a messy clean-up is concerned…

Christopher Boyd

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.