A free-to-play sport named PirateFi within the Steam retailer has been distributing the Vidar infostealing malware to unsuspecting customers.
The title was current within the Steam catalog for nearly every week, between February sixth and February twelfth, and was downloaded by as much as 1,500 customers. The distribution service is sending notices to doubtlessly impacted customers, advising them to reinstall Home windows out of an abundance of warning.
Malware on Steam
PirateFi was launched on Steam final week by Seaworth Interactive, and obtained optimistic evaluations. It’s described as a survival sport set in a low-poly world involving base constructing, weapon crafting and meals gathering.
Supply: Web Archive
Earlier this week although, Steam found that the sport contained malware however the service didn’t specify the precise sort.
“The Steam account of the developer for this sport uploaded builds to Steam that contained suspected malware,” reads the notification.
“You performed PirateFi (3476470) on Steam whereas these builds have been energetic, so it’s doubtless that these malicious recordsdata launched in your laptop,” the service warns.
The advisable measures for the notification recipients embrace operating a full system scan utilizing an up-to-date antivirus, checking for newly put in software program they do not acknowledge, and contemplating an OS format.
Supply: SteamDB
Impacted customers have additionally posted warnings on the title’s Steam Group web page, telling others to not launch the sport as their antivirus acknowledged it as malware.
Marius Genheimer of SECUINFRA Falcon Crew obtained a pattern of the malware distributed via PirateFi and recognized it as a model of the Vidar infostealer.
“In case you are one of many gamers who downloaded this “sport”: Think about the credentials, session cookies and secrets and techniques saved in your browser, e-mail shopper, cryptocurrency wallets and many others. compromised,” advises SECUINFRA.
The advice is to vary the passwords for all doubtlessly affected accounts and activate the multi-factor authentication safety the place attainable.
The malware, recognized as Vidar primarily based on dynamic evaluation and YARA signature matches, was hidden in a file referred to as Pirate.exe as a payload (Howard.exe) filled with InnoSetup installer.
Genheimer advised BleepingComputer that the risk actor modified the sport recordsdata a number of occasions, utilizing numerous obfuscation strategies and altering the command-and-control servers for credential exfiltration.
The researcher believes that the web3/blockchain/cryptocurrency references within the PirateFi title have been intentional, to lure a selected participant base
Steam didn’t publish figures on what number of customers have been impacted by the PirateFi malware however statistics on the title’s web page reveals that as much as 1,500 people could also be impacted.
Malware infiltrating the Steam retailer just isn’t widespread, however it’s not unprecedented both. In February 2023, Steam customers have been focused by malicious Dota 2 sport modes that leveraged a Chrome n-day exploit to carry out distant code execution on the gamers’ computer systems.
In December 2023, a mod for the then-popular Slay the Spire indie technique sport was compromised by hackers who injected an ‘Epsilon’ infostealer dropper into it.
Steam has launched extra measures like SMS-based verification to guard gamers from unauthorized malicious updates, however the case of PirateFi reveals that these measures are inadequate.