Steam Removes Malware-Infested Game PirateFi

Valve recently removed a game from its online platform, Steam, after it was discovered to contain malware. The game, PirateFi, was analyzed by cybersecurity researchers who found that it had been modified to deceive players into installing the Vidar info-stealer.

Marius Genheimer, a researcher from SECUINFRA Falcon Team, told TechCrunch that based on the malware’s command and control servers and configuration, “we suspect that PirateFi was just one of multiple tactics used to distribute Vidar payloads en masse.”

“It is highly likely that it never was a legitimate, running game that was altered after first publication,” Genheimer added.

Investigations revealed that PirateFi was created by modifying an existing game template called Easy Survival RPG. This game-development tool costs between $399 and $1,099 to license. By building on this template, the attackers were able to distribute a fully functional game with malicious software embedded in it, with minimal effort.

Vidar, the malware found in PirateFi, is an infostealer designed to extract sensitive data from infected computers. According to Genheimer, the malware can steal passwords saved in web browsers, session cookies, browsing history, cryptocurrency wallet credentials, screenshots, two-factor authentication codes, and various other personal files.

Vidar has been linked to multiple cybercriminal campaigns, including attempts to steal Booking.com credentials, deploy ransomware, and insert malicious advertisements into Google search results. The Health Sector Cybersecurity Coordination Center (HC3) reported that since its discovery in 2018, Vidar has become one of the most prolific infostealers in circulation.

Infostealers are commonly distributed through a malware-as-a-service (MaaS) model, making them accessible to even low-skilled hackers. This model complicates efforts to trace the origins of attacks. Genheimer noted that identifying those behind PirateFi is particularly challenging because Vidar “is widely adopted by many cybercriminals.”

Researchers analyzed multiple samples of the malware, including one uploaded to VirusTotal by a Russian gamer and another identified through SteamDB, a database tracking Steam-hosted games. A third sample was found in a threat intelligence repository, and all three exhibited the same malicious functionality. Valve has not issued a response regarding the incident.

The supposed developer of PirateFi, Seaworth Interactive, has no online presence. Until recently, the game had an X (formerly Twitter) account linking to its Steam page, but the account has since been deleted. Attempts to contact the owners via direct messages went unanswered before the account was removed.