Hackers have infiltrated the Steam platform by uploading a malicious game titled “PirateFi,” designed to infect unsuspecting players’ computers and harvest sensitive login credentials. Security researchers discovered that the game acts as a delivery vehicle for Vidar, a notorious “infostealer” malware capable of scraping passwords, browser data, and cryptocurrency wallet information.

The Growing Threat of Vidar Malware
Vidar has been used in several hacking campaigns, including one attempting to steal Booking.com’s hotel credentials, others with the goal of deploying ransomware, and another effort to plant malicious advertisements on Google search results. During 2024, the Health Sector Cybersecurity Coordination Center (HC3) reported that Vidar, which was first discovered in 2018, has “grown to be one of the most successful infostealers.”
How Infostealers Operate
Infostealers are a common type of malware designed to steal information and data from a victim’s computer. They are often sold under the malware-as-a-service model, meaning the malware can be purchased and used even by hackers with little skill. This also makes identifying who was behind PirateFi “very difficult,” said Genheimer, as Vidar “is widely adopted by many cybercriminals.”
Evidence Found in Malware Samples
Genheimer said they analyzed several samples of the malware included in PirateFi: one found on the online malware repository VirusTotal, which was apparently uploaded by a gamer in Russia, and another identified through SteamDB, a website that publishes information about games hosted on Steam. The researchers found a third sample in a threat intelligence database they have access to. All three malware samples have the same functionality, according to Genheimer.
Lack of Accountability and Platform Response
Valve did not respond to TechCrunch’s request for comment regarding the incident.
Seaworth Interactive, the purported developer of PirateFi, has no apparent online presence. Until last week, the game had an X account, which has now been removed. The account included a link to the game on Steam. The owners of the account did not respond to a request to chat via Direct Message before it was removed.














