Last week, Valve removed a game from its online store Steam because the product was laced with malware.
After the removal of the game, which was called PirateFI, security researchers analyzed the malware and found that whoever planted it modified an existing video game in an attempt to trick gamers into installing an info-stealer called Vidar.
Marius Genheimer, a researcher who analyzed the malware and works at Falcon Team, told TechCrunch that judging by the command and control servers associated with the malware and its configuration, “we suspect that PirateFi was just one of multiple tactics used to distribute Vidar payloads en masse.”
“It is highly likely that it never was a legitimate, running game that was altered after first publication,” said Genheimer.
In other words, PirateFI was designed to spread malware.
Genheimer and colleagues also found that PirateFi was built by modifying an existing game template called Easy Survival RPG, which bills itself as a game-making app that “gives you everything you need to develop your own singleplayer or multiplayer” game. The game maker costs between $399 and $1,099 to license.
This explains how the hackers were able to ship a functioning video game with their malware with little effort.
According to Genheimer, the Vidar infostealing malware is capable of stealing and exfiltrating several types of data from the computers it infects, including: passwords from the web browser autofill feature, session cookies that can be used to log in as someone without needing their password, web browser history, cryptocurrency wallet details, screenshots, and two-factor codes from certain token generators, as well as other files on the person’s computer.
Vidar has been used in several hacking campaigns, including one attempting to steal Booking.com’s hotel credentials, others with the goal of deploying ransomware, and another effort to plant malicious advertisements on Google search results. During 2024, the Health Sector Cybersecurity Coordination Center (HC3) reported that Vidar, which was first discovered in 2018, has “grown to be one of the most success …