Steam Community Profiles abused as C2 network in new WordPress malware infection campaign
A new malware campaign is exploiting Steam Community profiles as a command-and-control network for infecting WordPress sites. Researchers from GoDaddy have identified nearly 2,000 compromised sites since July, where attackers embed malicious payloads in comments. The malware uses invisible Unicode characters to hide its true intent, ultimately infecting visitors' browsers with harmful JavaScript.
- ▪The malware campaign targets vulnerable WordPress websites and their visitors.
- ▪Attackers use Steam Community comments to hide malicious payloads.
- ▪GoDaddy has reported nearly 2,000 compromised WordPress sites since July 2025.
Opening excerpt (first ~120 words) tap to expand
Pro Security Steam Community Profiles abused as C2 network in new WordPress malware infection campaign News By Sead Fadilpašić published 3 June 2026 A new cheeky malware campaign abuses the comment section When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: Valve) Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Malware hides payload in Steam Community commentsWordPress sites used to host backdoorsNearly 2,000 sites compromised since JulySecurity researchers from GoDaddy found a cheeky new malware campaign that used comments made by Steam Community accounts as…
Excerpt limited to ~120 words for fair-use compliance. The full article is at TechRadar.
Discussion
0 commentsMore from TechRadar
