Valve removes PirateFi, a free Steam game that was laced with info-stealing malware.

Earlier this week, Valve removed a game known as PirateFi from its online store, Steam, after discovering that the game contained malware. An investigation by security experts revealed that the game was designed to spread malware known as Vidar, whose primary aim is to steal sensitive information from infected computers. The sections below describe how the malware was spread through the PirateFi game.

How the Malware Was Spread via PirateFi

Marius Genheimer, a security expert from the SECUINFRA Falcon Team, explained that PirateFi was one of many methods used to spread Vidar. Genheimer noted that the malware was implanted into an already existing game, which means PirateFi was never intended to be an honest game. Its sole purpose was to spread malware to a large number of players. This was a well-thought-out move that could have caused serious harm if it had not been detected in time.

The Easy Survival RPG Template and the Creation of PirateFi

The security investigators found that the hackers used a game-making template called Easy Survival RPG to build PirateFi. This tool lets anyone build single-player or multiplayer games with very little effort, and a license costs between $399 and $1,099. By modifying this template, the hackers were able to ship a working video game that contained malware, which made the malware easier to spread.

What Is Vidar and How Does It Work?

Vidar is a type of malware known as an “infostealer”, which means it is specifically developed to steal personal data from infected systems. It can collect data such as saved passwords, session cookies (which allow hackers to impersonate users), browsing history, cryptocurrency wallet information, screenshots, two-factor authentication codes, and other important files.

Vidar has been used in a wide range of hacking campaigns, including one that stole credentials from Booking.com and others that deployed ransomware or showed fake ads in Google search results. In 2024, the Health Sector Cybersecurity Coordination Center (HC3) reported that Vidar had become one of the most successful infostealers in the cybercrime world.

The Growing Threat of Infostealers

The threat of infostealers is growing rapidly. Infostealers like Vidar are usually sold as a service, which means that hackers without much skill can also buy and use them. This makes it difficult to identify the exact individuals behind cyberattacks like the one involving PirateFi, as multiple cybercriminals may use the same malware. Such incidents should therefore be taken seriously to prevent damage to your personal information.


Investigating the Different Versions of PirateFi Malware

Genheimer stated that the investigation team discovered several versions of the Vidar malware connected to PirateFi. One version was uploaded by a user from Russia to VirusTotal, a popular malware scanning website. Another version was identified via SteamDB, a platform that tracks Steam games. Finally, a third sample was found in the team's own threat intelligence database. All of the versions shared the same harmful functionality.

Valve and Developer Response

Seaworth Interactive, the purported developer of PirateFi, has no visible online presence. Prior to the removal of PirateFi from Steam, the developers had an X (formerly Twitter) account that linked to the game. However, this account was deleted after the game was taken down, and the owners did not respond to messages before the account’s removal.

Conclusion

The removal of PirateFi from the Steam online store is a reminder of the increasing threat posed by malware, especially infostealers like Vidar. It shows how cybercriminals can abuse gaming platforms and tools to distribute harmful software. As infostealing malware becomes more and more accessible, gamers and all other users need to stay alert, practice good cybersecurity habits, and be cautious when installing software from unfamiliar sources.
