A free-to-play sport named PirateFi within the Steam retailer has been distributing the Vidar infostealing malware to unsuspecting customers.
The title was current within the Steam catalog for nearly per week, between February sixth and February twelfth, and was downloaded by as much as 1,500 customers. The distribution service is sending notices to probably impacted customers, advising them to reinstall Home windows out of an abundance of warning.
Malware on Steam
PirateFi was launched on Steam final week by Seaworth Interactive, and obtained optimistic opinions. It’s described as a survival sport set in a low-poly world involving base constructing, weapon crafting and meals gathering.
Supply: Web Archive
Earlier this week although, Steam found that the sport contained malware however the service didn’t specify the precise sort.
“The Steam account of the developer for this sport uploaded builds to Steam that contained suspected malware,” reads the notification.
“You performed PirateFi (3476470) on Steam whereas these builds have been lively, so it’s probably that these malicious information launched in your pc,” the service warns.
The advisable measures for the notification recipients embrace operating a full system scan utilizing an up-to-date antivirus, checking for newly put in software program they do not acknowledge, and contemplating an OS format.
Supply: SteamDB
Impacted customers have additionally posted warnings on the title’s Steam Group web page, telling others to not launch the sport as their antivirus acknowledged it as malware.
Marius Genheimer of SECUINFRA Falcon Group obtained a pattern of the malware distributed by way of PirateFi and recognized it as a model of the Vidar infostealer.
“If you’re one of many gamers who downloaded this “sport”: Take into account the credentials, session cookies and secrets and techniques saved in your browser, e-mail consumer, cryptocurrency wallets and so forth. compromised,” advises SECUINFRA.
The advice is to alter the passwords for all probably affected accounts and activate the multi-factor authentication safety the place attainable.
The malware, recognized as Vidar primarily based on dynamic evaluation and YARA signature matches, was hidden in a file known as Pirate.exe as a payload (Howard.exe) full of InnoSetup installer.
Genheimer instructed BleepingComputer that the menace actor modified the sport information a number of instances, utilizing varied obfuscation strategies and altering the command-and-control servers for credential exfiltration.
The researcher believes that the web3/blockchain/cryptocurrency references within the PirateFi identify have been intentional, to lure a selected participant base.
Steam didn’t publish figures on what number of customers have been impacted by the PirateFi malware however statistics on the title’s web page exhibits that as much as 1,500 people could also be impacted.
Malware infiltrating the Steam retailer shouldn’t be frequent, however it’s not unprecedented both. In February 2023, Steam customers have been focused by malicious Dota 2 sport modes that leveraged a Chrome n-day exploit to carry out distant code execution on the gamers’ computer systems.
In December 2023, a mod for the then-popular Slay the Spire indie technique sport was compromised by hackers who injected an ‘Epsilon’ infostealer dropper into it.
Steam has launched extra measures like SMS-based verification to guard gamers from unauthorized malicious updates, however the case of PirateFi exhibits that these measures are inadequate.