A vulnerability in Valve’s Source SDK, a library used by game vendors to support custom mods and other features, allows a malicious actor to execute code on a user’s computer, and optionally install malware, such as ransomware, cryptocurrency miners, banking trojans, and others. […]

from https://www.bleepingcomputer.com/news/security/valve-patches-security-flaw-that-allows-installation-of-malware-via-steam-games/