Hackers planted a steam game with malware to steal gamers’ passwords

Last week, Valve removed a game from its Steam online store because The product was full of malwareS

After removing the game called Piratefi, security researchers analyzed malware and found that anyone who planted it has modified an existing video game in an attempt to lure gamers to install the gamers Information foot Called Vidar.

Marius Genheimer, a researcher who analyzes malware and works on the Secuinfra Falcon team, told TechCrunch that judging by command and control servers associated with malware and its configuration, “suspect Piratefi is just one of the multiple tactics, For the distribution of VIDAR, useful loads massively. “

“It is very likely that she was not a legitimate, working game that was changed after the first publication,” says Genheimer.

In other words, Piratefi is designed to distribute malware.

Genheimer and colleagues also find that Piratefi was built by change playing template Called Easy Survival RPG, which is mixed as a game creation app that “gives you everything you need to develop your own Singleplayer or multiplayer game.” The game manufacturer costs between $ 399 and $ 1.099 a license.

This explains how the hackers have been able to send a functioning video game with their malware with little effort.

According to Genheimer, the malware Vidar Infostealing is able to steal and exfiltrate several types of data from IT computers, including: passwords from the Web browser automatic performance feature, session cookies that can be used to log in as a person without a person need your password, a web browser history, portfolio details for Cryptocurrency, screenshots and two -factor codes from certain tokens generators, as well as other computer files.

Vidar has been used in several hacker campaigns including One attempt to steal Certificates for Booking.com Hotel, others for the purpose Ransomand another effort To plant malicious ads About Google search results. In 2024, the Coordination Center for Cybersecurity of the Health Sector (HC3) reported This Vidar, which was first discovered in 2018, “grew up as one of the most successful info.”

Infostel are common types of malware designed to steal information and data from the victim’s computer. Infostealers is often sold in the malware model as a service, which means that malware can be purchased and used even by hackers with little skills. It also makes identification of who is behind Pirates “very difficult,” Genheimer said, as Vidar “is widely accepted by many cybercriminals.”

Genheimer said they have analyzed several malware samples included in Piratefi, one found in the online Virustotal malware that has been Apparently uploaded by a gamer in Russia; Another who identified you through Steamdb, a website that publishes information about Steam hosted games. Researchers have found another sample in a threat intelligence database they have access to. All three malware samples have the same functionality, according to Genheimer.

Valve did not respond to TechCrunch’s request for comment.

Seaworth Interactive, the alleged developers of PiratesThere is no visible online presence. Until last week the game had X accountwhich is now eliminated. The account included a link to the Steam game.

Account owners did not respond to a chat request by direct message before removed.