If you've been interested in using Razer’s communication software platform, aptly named Comms, then beware of the fakes! There apparently has been a rise in the number of malicious apps that try to emulate Razer’s platform and attempt to bait you into downloading a maliciously loaded version that is certainly not what you were expecting.
Report claims that there are a number of sites that attempt to entice users to download Razer Comms software, yet its not actually their software.
Oddly enough Razer’s Comm app actually has around 1 Million users, making it a bit more attractive as a phishing platform as it is indeed a growing platform. It definitely offers a good concept of a service that we probably use in one form or another. Teamspeak? The sites themselves that Malwarebytes have found look very similar to the legitimate Razer website, which also actually link to the legitimate mobile app on the Google Play store, though when attempting to download the Windows version, a bogus file is downloaded instead. The file that’s downloaded instead is a .src file, which is a screensaver script file that Malwarebytes notes is common for the use in fake in-game trading scams that they've uncovered in the past. When the executable is run, instead of a screensaver, for which a pop up occasionally occurs, a piece of .NET code attempts to run, but will likely simply error out and not actually do anything at this point. This doesn't mean that this technique won’t be further refined and such attempts found in the future.
If you feel like taking a look at this malware, you’ll find that the code itself seems to bear some similarities with a password theft utility that’s popped up in the wild before, something called No_nameIafWyUbv_Qtl.exe, and there are also hints that point towards a Russian based Steam phishing website. Oddly enough, that website it links to has a forum that has a few hacking related topics and even has people advertising their services on there. Those advertising take a form of payment known as WMR, and will help to conduct phishing or other virus related operations on your behalf.
The lesson learned from this is that you should be very careful when you receive any links to in-game items from strangers or others you don’t know. As always, be very careful with what you click on as the resulting page may not be legitimate and could end up ruining your day if you inadvertently click on something you don’t mean to. Even clicking can potentially transfer information you don’t want others to have. So check that wherever you login to after clicking on such links is the right place, or always open a new browser window to login manually by typing in the address you know it to be. Just be careful and use common sense and you should be fine!
