Valve pulls plug on Sniper: Phantom’s Resolution demo after malware reports surface

Lesser-known game developers are sometimes tempted to engage in malicious activities

In a troubling development for the gaming community, Valve, the company behind the popular digital distribution platform Steam, has removed a demo for the game Sniper: Phantom’s Resolution after it was found to infect users’ systems with infostealer malware.^[1]

The demo, intended as an early preview of a first-person shooter (FPS) developed by the obscure Sierra Six Studios, was originally listed on Steam with a full release slated for Q2 2025. Described as a tactical sniper experience with “realistic FPS mechanics and dynamic storytelling,” the game promised players a chance to step into the shoes of a morally conflicted sniper contractor. However, what players encountered instead was a cybersecurity nightmare.

The demo managed to slip through Steam’s vetting process, raising questions about the platform’s security protocols for new submissions. Unlike typical Steam demos, which are hosted directly on the platform, Sniper: Phantom’s Resolution directed users to an external GitHub repository for download – a red flag that went unnoticed until players began reporting suspicious activity.

Following a swift investigation sparked by community complaints^[2] on forums like Reddit,^[3] Valve pulled the demo from the Steam store on March 20, 2025, though traces of its listing lingered on the website. The incident underscores the challenges even a major platform like Steam faces in policing third-party content, especially from lesser-known developers.

Unpacking the malware: a sophisticated infostealer

While the specific strain of malware embedded in the Sniper: Phantom’s Resolution demo has not been officially named, its behavior aligns with the characteristics of an infostealer – a type of malicious software designed to harvest sensitive data from infected systems.

Once installed, the malware disguised itself as a legitimate executable, with its main file named “Windows Defender SmartScreen.exe” to evade suspicion. Analysis by vigilant Reddit users revealed additional malicious components, including an “elevate.exe” file to gain administrative privileges and tools like a Node.js wrapper and Fiddler, a web debugging proxy capable of intercepting browser cookies.

Upon execution, the infostealer quietly went to work, targeting credentials, session cookies, and other personal data stored on users’ computers. Its ability to bypass Windows security measures and remain undetected by some antivirus programs suggests a level of sophistication that cybersecurity experts describe as “new and clever.”

The developer, Sierra Six Studios, saw its website (sierrasixstudios[.]dev) taken offline shortly after the reports surfaced, further fueling speculation about the entity’s legitimacy. Players who downloaded the demo are urged to run full system scans, uninstall the software, and reset passwords to mitigate potential damage.

Steam’s ongoing security struggles

The Sniper: Phantom’s Resolution incident is not an isolated case, but part of a disturbing trend affecting Steam. Just a month prior, in February 2025, Valve removed PirateFi,^[4] a free-to-play survival simulator, after it was found to distribute the Vidar infostealer^[5] malware. That breach impacted up to 1,500 users, prompting Valve to recommend drastic measures like system resets for affected players.

These back-to-back incidents highlight the growing audacity of malicious actors exploiting Steam’s open submission process, where a $100 fee and minimal oversight allow questionable titles to reach the storefront.

Valve has responded by tightening developer security, including mandatory two-factor authentication for updates, but gaps remain – particularly with external links, which bypass Steam’s hosting safeguards.

For gamers, the takeaway is clear: caution is paramount. Verifying a game’s developer, scrutinizing community feedback, and avoiding downloads from untrusted sources are critical steps in staying safe.

The security incidents at Steam demonstrate how trusted platforms face evolving threats from cybercriminals while maintaining accessibility for small studios. The gaming community remains in wait to observe Valve's protective measures for its millions of users against upcoming hidden threats.