Voice Comms have slowly but surely become a popular target of scams in the past [1], [2], as gamers hope to make use of the fastest and best types of team-chatter available in their quest to no-scope an endless procession of noobs (technical term).
We’ve seen a number of websites sharing the same design over the last few days, claiming to offer up a type of Voice Comm with an executable served up from Google Drive. The sites ask visitors to download the file named after the site they happen to be on – so, “Download Clean Talks”, or “Download Simple Vox”, for example.
Some URLs which follow the same design/ Google Drive download template:
air-vox(com) clean-talks(dot)com simple-vox(dot)com
There are a number of other sites which may be related but are currently down.
Loading up the Air-Vox website, we can see it looks as slick and well designed – likely an attractive sight to a passing gamer wanting a quick and easy VoIP tool.
When you see references to “Steam Guard”, “Stealer” and “SSFN” in the code you’re typically dealing with a Steam Stealer, and users of Malwarebytes Anti-Malware will find we detect this file as Trojan.Agent.CRPT.Gen. Clean-talks.exe and simple-vox_v.1.5.5_beta.exe fall under the name of Trojan.FakeSteam [1], [2].
One slight variation on the theme would be
gamespeak(dot)net
which is offline, though we were able to retrieve a copy via Google Cache:
The Gamespeak URL is unique in that the file served (currently unreachable) was served up from Dropbox instead of Google Drive like the others.
In all cases, gamers on the lookout for reliable Voice Comms tools should stick to lists of reputable programs, asking on gaming forums should they see a file doing the rounds they’re not familiar with. It’s the easiest thing in the world to download a random file and run it – things aren’t quite so straightforward where a messy clean-up is concerned…
Christopher Boyd
