Hackers Embed Malware in Steam Game to Capture Gamers’ Passwords

by admin

Recently, Valve took action by pulling a game from its Steam platform due to the presence of malware embedded within it.

After the game, identified as PirateFi, was removed, cybersecurity experts investigated the malware and discovered that its creators had modified an existing video game to deceive players into downloading an information-stealing tool known as Vidar.

Marius Genheimer, a cybersecurity researcher from Falcon Team, shared with TechCrunch that based on the command and control servers linked to the malware and its configuration, “we believe that PirateFi was merely one of several strategies employed to widely distribute Vidar.”

Genheimer asserted, “It is quite probable that it was never a legitimate, operational game that underwent alterations post-launch.”

In summary, PirateFi was specifically crafted to disseminate malware.

Genheimer and his team revealed that PirateFi was created by tweaking an existing game template named Easy Survival RPG, which claims to provide all the necessary tools to create your own single-player or multiplayer game. The licensing fee for this game development kit ranges from $399 to $1,099.

This explains how the attackers managed to deliver a playable video game alongside their malware with relative ease.

Genheimer noted that the Vidar infostealing malware can infiltrate and extract various data types from infected systems, including: passwords stored through web browser autofill, session cookies that allow logins without the password, browsing history, cryptocurrency wallet information, screenshots, two-factor authentication codes from certain generators, as well as other files stored on the affected device.

Vidar has been utilized in various cyber attacks, including one targeting Booking.com’s hotel account credentials, as well as campaigns aimed at deploying ransomware, and efforts to introduce malicious ads into Google search results. In 2024, the Health Sector Cybersecurity Coordination Center (HC3) reported that since its discovery in 2018, Vidar has evolved into one of the most effective infostealers.

Infostealers are prevalent forms of malware created to harvest sensitive information from a victim’s machine. This type of malware is typically offered through a malware-as-a-service model, enabling even less-skilled hackers to acquire and deploy it. Consequently, identifying the creators behind PirateFi becomes “incredibly challenging,” according to Genheimer, as Vidar “is extensively used by a variety of cybercriminals.”

Contact Us

If you have additional insights about this malware or other game-related hacks, please reach out to Lorenzo Franceschi-Bicchierai securely via Signal at +1 917 257 1382, or through Telegram and Keybase @lorenzofb, or via email. You may also contact TechCrunch through SecureDrop.

Genheimer indicated that they examined multiple samples of the malware linked to PirateFi, including one uploaded to the malware repository VirusTotal, reportedly by a player in Russia, and another identified through SteamDB, a resource that provides data regarding games on Steam. Another sample had been located in a threat intelligence database. All three malware variants share the same functionality, according to Genheimer.

Valve has yet to respond to TechCrunch’s inquiry for a comment.

Seaworth Interactive, the alleged developers of PirateFi, do not appear to have any meaningful online presence. Prior to the recent incident, the game maintained an account on X, which has since been deleted. This account previously included a link to the game on Steam.

The owners of the account did not reply to a direct message request prior to the account's removal.

Compiled by Techarena.au.