Last week, Valve removed a game from its online store Steam because the product was laced with malware.
After the removal of the game, which was called PirateFi, security researchers analyzed the malware and found that whoever planted it modified an existing video game in an attempt to trick gamers into installing an info-stealer called Vidar.
Marius Genheimer, a researcher who analyzed the malware and works at SECUINFRA Falcon Team, told TechCrunch that judging by the command and control servers associated with the malware and its configuration, “we suspect that PirateFi was just one of multiple tactics used to distribute Vidar payloads en masse.”
“It is highly likely that it never was a legitimate, running game that was altered after first publication,” said Genheimer.
In other words, PirateFi was designed to spread malware.
Genheimer and colleagues also found that PirateFi was built by modifying an existing game template called Easy Survival RPG, which bills itself as a game-making app that “gives you everything you need to develop your own singleplayer or multiplayer” game. The game maker costs between $399 and $1,099 to license.
This explains how the hackers were able to ship a functioning video game with their malware with little effort.
According to Genheimer, the Vidar infostealing malware is capable of stealing and exfiltrating several types of data from the computers it infects, including: passwords from the web browser autofill feature, session cookies that can be used to log in as someone without needing their password, web browser history, cryptocurrency wallet details, screenshots, and two-factor codes from certain token generators, as well as other files on the person’s computer.
Vidar has been used in several hacking campaigns, including one attempting to steal Booking.com’s hotel credentials, others with the goal of deploying ransomware, and another effort to plant malicious ads on Google search results. During 2024, the Health Sector Cybersecurity Coordination Center (HC3) reported that Vidar, which was first discovered in 2018, has “grown to be one of the most successful infostealers.”
Infostealers are common types of malware designed to steal information and data from a victim’s computer. Infostealers are often sold in the malware-as-a-service model, meaning the malware can be purchased and used even by hackers with little skill. This also makes identifying who was behind PirateFi “very difficult,” said Genheimer, as Vidar “is widely adopted by many cybercriminals.”
Contact Us
Do you have more information about this malware, or other video game related hacks? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You can also contact TechCrunch via SecureDrop.
Genheimer said they analyzed several samples of the malware included in PirateFi: one found on the online malware repository VirusTotal, which was apparently uploaded by a gamer in Russia; another one they identified through SteamDB, a website that publishes information about games hosted on Steam. The researchers found another sample in a threat intelligence database they have access to. All three malware samples have the same functionality, according to Genheimer.
Valve did not respond to TechCrunch’s request for comment.
Seaworth Interactive, the purported developers of PirateFi, has no apparent online presence. Until last week, the game had an X account, which has now been removed. The account included a link to the game on Steam.
The owners of the account did not respond to a request to talk via Direct Message before it was removed.