What just happened? Valve is often criticized for allowing almost any game to be sold on Steam, no matter how amateurish it appears. However, despite the immense number of titles released daily, actual malware is almost unheard of on the storefront. But users might need to start exercising caution when downloading free-to-play games from new developers.
Users who installed the free-to-play game PirateFi from Steam should change their passwords and seriously consider reinstalling their operating systems. Valve removed the game after discovering it contained malware designed to steal account credentials and other info.
PirateFi initially appeared on February 6 and likely affected only a few hundred users before Valve delisted it a few days later. Accounts that downloaded and ran the game while malicious builds were active should receive an alert from the company recommending that they perform a virus scan and reformat their devices.
A game called PirateFi was released on Steam last week and it contained malware. Valve removed the game two days ago.
Users who played the game have received the following email: pic.twitter.com/B98BFs0WbK
One user reported that their antivirus prevented the game from booting after flagging a trojan called "Win32.Lazzzy.gen," and Steam presented a hardware failure warning. They also suspected that the reviews were fake.
According to PCMag, other users lost their passwords, and some accounts were broken into using stolen cookies. In one case, the malware stole a Microsoft account, blocked Microsoft support from the associated emails, and sent scam links to the targeted users' contacts.
Furthermore, hackers attempted to distribute the game through Telegram. A suspected chatbot advertised a chat moderation job that paid $17 an hour, describing PirateFi as a web3 game with over 7,000 players. The mysterious account's consistent response time of 21 seconds led the recipient to suspect that it was run by an AI.
A SECUINFRA Falcon Team researcher told TechCrunch that PirateFi was likely designed to spread the Vidar info-stealer malware, suggesting that the hackers hadn't commandeered an initially legitimate game. They appeared to use ready-made assets from the Easy Survival RPG template, which likely helped PirateFi bypass Valve's security measures. Licensing the assets cost a few hundred dollars, which might have been cheap enough to make the scam profitable, depending on the number of infected users.
Vidar can steal browser history, cryptocurrency wallet information, browser autofill passwords, two-factor codes, and more. It can also steal session cookies to log into various services without a password. Impacted users might find a file called "Howard.exe" in AppData > Temp.
If affected users don't reinstall their operating systems – and they likely should – they should at least clear their browser history and change their passwords.
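One way to check a Windows host for the indicator named above, written here as an added example that is not code from TechSpot, Valve or the researchers the article cites: it walks the current user's AppData Temp directories (taken from the LOCALAPPDATA and APPDATA environment variables, an assumption about where the dropped file would sit) looking for a file named Howard.exe, matching case-insensitively because NTFS is, and records a SHA-256 of anything it finds. The article gives no file hash, so the script reports a name match for triage rather than verifying the sample; it does not open, run or delete the file.

```python
import hashlib
import os
from pathlib import Path

# The only indicator the article names: a file called "Howard.exe" under AppData > Temp.
# Stored lower-case so the comparison below is case-insensitive.
IOC_FILENAMES = {"howard.exe"}


def default_temp_dirs():
    """Per-user AppData Temp directories on Windows, derived from the environment.

    Assumption: %LOCALAPPDATA%\\Temp and %APPDATA%\\Temp are the "AppData > Temp"
    locations the article refers to. On a host without those variables this
    returns an empty list and nothing is scanned.
    """
    dirs = []
    for var in ("LOCALAPPDATA", "APPDATA"):
        base = os.environ.get(var)
        if base:
            dirs.append(Path(base) / "Temp")
    return dirs


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so the finding can be recorded and shared.

    The article publishes no hash for Howard.exe, so this is for documenting a
    hit, not for matching against a known-bad value.
    """
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_for_iocs(directories, names=IOC_FILENAMES):
    """Return a list of (path, sha256_or_None) for files whose name matches an indicator.

    Directories that do not exist are skipped; unreadable files are still
    reported, with None in place of the hash, because a locked file is itself
    worth noting during triage.
    """
    findings = []
    for d in directories:
        d = Path(d)
        if not d.is_dir():
            continue
        for root, _subdirs, files in os.walk(d):
            for fname in files:
                if fname.lower() in names:
                    p = Path(root) / fname
                    try:
                        findings.append((str(p), sha256_of(p)))
                    except OSError:
                        findings.append((str(p), None))
    return findings


if __name__ == "__main__":
    hits = scan_for_iocs(default_temp_dirs())
    if hits:
        for path, digest in hits:
            print(f"IOC match: {path} sha256={digest}")
        print("Treat the host as compromised: change passwords from a clean device, "
              "sign out all sessions (Vidar steals cookies), and consider reinstalling the OS.")
    else:
        print("No PirateFi indicator found in AppData Temp; absence is not proof the host is clean.")
```

Run it as the user who launched the game, since the environment variables resolve to that user's profile. A name-only check is deliberately narrow: a renamed payload will not match, which is why the article's advice to change passwords and invalidate sessions stands regardless of what the scan reports.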