How Hackers Hid Malware in a Steam Game to Steal Gamers’ Passwords: Here’s What You Need to Know

In a concerning turn of events, Valve recently pulled a game called PirateFi from its popular online store, Steam, after security researchers discovered that it was laced with malware. But how did this game, which seemed like a harmless title, end up causing so much trouble for unsuspecting players?

The Discovery of Malware in PirateFi

When the game PirateFi was removed from Steam, researchers quickly got to work analyzing the malware hidden inside it. What they found was alarming: the game had been modified to trick gamers into installing an info-stealer called Vidar. Vidar is a type of malware designed to steal valuable information from infected computers, including passwords, cryptocurrency wallet details, and even session cookies. Essentially, it could provide hackers with access to personal accounts and sensitive data.

Marius Genheimer, a security researcher at SECUINFRA Falcon Team, shared that based on the server information linked to the malware, PirateFi was likely just one of many methods used to distribute Vidar. He further clarified that the game was probably never a legitimate product to begin with, but instead crafted specifically to spread the malicious software.

How the Malware Spread

The game PirateFi wasn’t a completely new creation. It was built by modifying an existing game template called Easy Survival RPG. This game-making app, which costs between $399 and $1,099 to license, allows users to develop their own games with minimal effort. By using this template, the hackers were able to easily create a game that appeared functional, while sneaking the malware into the background.

This is how they managed to distribute the malware: gamers would download the game, play it, and unknowingly infect their computers with Vidar. This highlights just how easy it can be for malicious actors to create seemingly innocent software that ends up causing serious harm.

The Dangers of Vidar Malware

Vidar is notorious for its ability to steal a wide range of sensitive data. Some of the information it targets includes:

  • Passwords saved in web browsers
  • Cryptocurrency wallet details
  • Web browser history
  • Session cookies (allowing hackers to log in to accounts without passwords)
  • Screenshots and two-factor codes from token generators

Vidar has been involved in multiple hacking campaigns, such as stealing hotel credentials from Booking.com, deploying ransomware, and even placing malicious ads on Google search results. It’s one of the most successful info-stealing malware programs, and it’s growing in popularity, according to reports from the Health Sector Cybersecurity Coordination Center (HC3).

The Infostealer Malware Trend

Infostealers like Vidar are a common type of malware designed to steal sensitive data from victims’ devices. What’s troubling is that infostealers are often sold as “malware-as-a-service.” This means even low-skilled hackers can purchase and use these tools, making it much harder to track the original perpetrators of the attack.

In the case of PirateFi, Genheimer and his team found several samples of the Vidar malware online, some uploaded by gamers themselves. They discovered these samples through different platforms, including VirusTotal and SteamDB, where details about games on Steam are shared. These samples all had the same harmful functionality.

The Struggle to Trace the Hackers

One of the challenges researchers face is identifying the hackers behind PirateFi. Since Vidar is widely used by many cybercriminals, it’s difficult to pinpoint exactly who is responsible for this attack. However, the malware’s widespread adoption makes it clear that PirateFi was not a one-off incident, but part of a much larger problem with malware distribution.

Who’s Behind PirateFi?

Interestingly, the developers behind PirateFi, listed as Seaworth Interactive, seem to have no significant online presence. Before the game’s removal, they had an account on X (formerly Twitter), which is now deleted. The account even included a link to the game’s Steam page. Despite efforts to reach out to the developers, no responses were received before the account was taken down.

Conclusion

The case of PirateFi serves as a warning for gamers and the broader digital community. It highlights the dangers of downloading games from unreliable sources and shows how easy it is for hackers to modify existing tools to distribute malware. As cyber threats continue to evolve, it’s more important than ever for players to be cautious and ensure that their devices are protected from potential threats.

Valve’s decision to remove the game from Steam is a necessary step in protecting users, but the fact that this malware made its way into the gaming world in the first place is a reminder of how important cybersecurity is in every corner of the internet. Stay vigilant and always prioritize security when downloading and playing games online.
