Date: 2025-03-22

As first reported by TheGamer, a Steam listing for a game called Sniper: Phantom's Resolution has been pulled from the storefront by the developer after players discovered malware being distributed as a "demo" from the dev's official website. Though the site had a link on Steam, the malware was not distributed through Steam itself like last month's PirateFi fiasco.

The case against developer Sierra Six seems almost airtight, but someone purporting to be one of the developers has surfaced on Reddit to claim that they were set up, and that their domain was hijacked before they had the chance to secure it.

Occam's Razor would have Sierra Six as a bad actor attempting further social engineering, but it's not impossible that it actually is caught up in some kind of Philip K. Dickian nightmare of digital impersonation.

Sniper: Phantom's Resolution first popped up on Steam at the end of December last year, and was removed from the storefront on March 20 according to SteamDB. This was not a Valve moderation decision: The changelog for Sniper shows the message "app_retired_publisher_request." This is in contrast to the Web3 game PirateFi, which was removed from Steam by Valve last month.

On March 16, user Feral_Wasp called out Sniper: Phantom's Resolution in a post on the PC gaming subreddit. Feral_Wasp pointed out that the Steam page contained a link to the developer's website and a supposed demo of the game, with scuttlebutt being that the "demo" was actually malware.

You can still see this thanks to the Wayback Machine: Sierra Six's username on Steam is sierrasix.dev, and the "Official Website" widget on the page links to the domain "sierrasix.dev."

User meatbent3 decided to pound the pavement and get the skinny on this "demo," which appears to have been an absurdly malicious and sophisticated "infostealer" virus that would launch a multipronged assault on your PC when run. Here's the breakdown:

It had a file structure that superficially resembled a Unity game, but was not a game.

The demo contained a .exe to run admin privilege programs via command line.

It opened a browser, potentially to hijack cookies.

The program ran network traffic analysis and interception tools, as well as a number of difficult-to-detect programs with its command line admin privileges.

It also created a malicious startup task to run every time the PC would boot.

Meatbent3 characterized it as a "new and clever" example of malware, and advised anyone who ran the program to "remove the files it created and change every password for every account you have." Commenters in the thread also make reference to a "sierrasixstudiosdev" GitHub account that hosted the malware and which has since been taken down.

Sierra Six has purged much of the Steam discussions section for Sniper: Phantom's Resolution, but it still has a developer statement up that, at first glance, appears almost comically audacious, an instance of real brass balls, "We're all trying to find the guy who did this" absurdity I can't help but admire.

"To avoid scams and potential issues, please ensure you download the game only from the official Steam page and disregard any other sources," the statement reads. "If you come across suspicious links or offers related to our game, please report them and stay cautious." The punchline, of course, is that the malware at the center of the controversy comes from a domain Sierra Six itself linked to, that is also its developer/publisher name on Steam.

I thought this was open and shut, but there's one final wrinkle to the story: Sierra Six says it was set up. I don't know if I buy the explanation, but it raises enough questions that I don't want to commit to grave dancing on Sierra Six as thwarted and humiliated scammers.

An account with the name AndrewPillDev responded to Feral_Wasp's post on March 19, one day before Sniper: Phantom's Resolution was retired for good. Andrew claims to speak on behalf of Sierra Six, and offers explanations for the malware being linked from the Steam page, the removal of Steam discussion posts about the malware, and the fact that this account was only created that very day.

Andrew claims that he found out about the malware via Polish news sites, and that English is not his first language. To hear him tell it, the team simply did not register the sierrasixstudios.dev domain in a timely fashion, putting it on the Steam page as a placeholder before they fleshed it out. He alleges that a malicious third party used this as a vector of attack. Here are some of his other defenses:

A typo on the store page? An honest mistake from a small team that doesn't speak English as a first language.

The generic appearance of the game and alleged use of screenshots from other games? Andrew shared footage he claims was from an in-progress level viewed with Unity dev tools.

Deleting discussion posts on Steam? A perhaps-misguided reaction to the waves of hostile comments.

His own account only having been made that day? "I want to add that I have never used Reddit before, so I'm not entirely sure if this message will reach everyone in the thread."

I truly do not know what to make of this. It would be such an elaborate scheme, framing a no-name developer on Steam in order to steal information from a few dozen players enticed enough to check out its official website instead of just wishlisting.

For the footage, it's interesting, but also liable to have been somehow faked, manufactured, or otherwise sourced from somewhere else and taken out of context. Andrew does not address the GitHub page, which is still a troubling dimension of this story, and it honestly beggars belief that an indie game developer could claim, with a straight face, to have never used Reddit before.

But what if? Why would a hacker feel the need to keep up appearances through further social engineering like this post if the jig is already up? The stakes are already so low, the potatoes so small, and there are far easier ways to make money at other people's expense on the internet: I recommend pumping and dumping your own crypto shitcoin. For "Andrew" to be a hacker or even just an anarchic prankster stretches credulity almost as much as the story he tells.

If it is true, it's some real A Scanner Darkly stuff, a saga of digital impersonation and reputation-destroying total war that would be maddening to live through. People on the other side of the world have turned against you, proffering compelling evidence that you are a huckster and a criminal, and you have no recourse to prove your innocence, your protestations to the contrary—in a second language, no less—falling on deaf ears.

But, and I'm sorry if you are who you say you are, Andrew, Sniper: Phantom's Resolution simply does not look like a good game, real or fake. It's the stuff of generic milsim-adjacent tacticool shooting, aesthetically bland and promising an experience along the lines of "We have Sniper Elite at home." If Sniper: Phantom's Resolution was real, it was the perfect victim to be framed as a fake game.

"Be careful clicking on external links from Steam" appears to be one of few concrete takeaways here, with "be sure to secure your small business' web domain before you say it's yours" potentially being a second.

As with so many games industry stories, I'm reminded of the ending to the Coen Brothers film, Burn After Reading:

"What did we learn, Palmer?"

"I don't know, sir."

"I don't fucking know either. I guess we learned not to do it again."