It turns out that a free game distributed on Steam for a week was equipped with 'malware that steals passwords'
It has been revealed through an email sent by Steam to users that the free game 'PirateFi,' distributed on Steam, the world's largest PC gaming platform, has been contaminated with infostealer malware.
PirateFi game on Steam caught installing password-stealing malware
The malware-infected game in question, 'PirateFi,' is a free game released by developer Seaworth Interactive on February 6, 2025, and was installed by between 800 and 1,500 people before being removed on the 12th.
According to the PirateFi distribution page stored in the Internet Archive, this game is a survival game set in the open sea, where players build bases, create weapons, and procure food, and it also supports multiplayer.
The game received 'positive' ratings from 19 users, although most of the reviewers had less than an hour of playtime and had only 1-2 reviews of other games on Steam, with no reviewers having more than 10 reviews.
SteamDB, a Steam data aggregation site, revealed on February 12 that Steam had sent notifications to users who had installed PirateFi, informing them that the game had been found to contain malware. The notification sent to affected users read, 'The developer's Steam account for this game has uploaded a build to Steam that contains suspected malware.'
A game called PirateFi released on Steam last week and it contained malware. Valve have removed the game two days ago.
— SteamDB (@SteamDB) February 12, 2025
Users that played the game have received the following email: pic.twitter.com/B98BFs0WbK
In the notification, Steam advised users that malicious files may have been deployed to their PC, and recommended that they run a full system scan with antivirus software, check for any unknown software installed, or consider formatting their operating system.
According to Marius Genheimer of the SECUINFRA Falcon Team, a security company that obtained and analyzed the game files, PirateFi contains a type of infostealer malware called ' Vidar .'
'The threat actors used a variety of obfuscation techniques and modified game files multiple times while switching command and control servers to exfiltrate credentials,' Genheimer told tech media outlet BleepingComputer.
The SECUINFRA Falcon Team also urged users to 'assume that if you are one of the players who downloaded this 'game', any confidential information stored in browsers, email clients, cryptocurrency wallets, etc., such as credentials and session cookies, has been leaked. Change passwords for all affected accounts and use multi-factor authentication where possible.'
🆘 If you are one of the players who downloaded this 'game': Consider the credentials, session cookies and secrets saved in your browser, email client, cryptocurrency wallets etc. compromised. Change passwords for all affected accounts and use Multi-Factor-Authentication where…
— SECUINFRA FALCON TEAM (@SI_FalconTeam) February 13, 2025
While it is relatively rare for malware to be distributed through Steam, there is precedent: In February 2023, a malicious Dota 2 game mod was distributed through Steam that leveraged a browser exploit to execute remote code on players' PCs.
Additionally, in December 2023, the infostealer malware Epsilon was found in a popular mod for the roguelike card game Slay the Spire .
BleepingComputer said, 'Steam has implemented additional measures, such as SMS-based authentication, to protect players from unauthorized malicious updates, but the PirateFi case shows that these measures alone are not enough.'
Related Posts:
in Web Service, Game, Security, Posted by log1l_ks