PirateFi game on Steam caught installing password-stealing malware – BleepingComputer

A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users.

The title was present in the Steam catalog for almost a week, between February 6th and February 12th, and was downloaded by up to 1,500 users. The distribution service is sending notices to potentially impacted users, advising them to reinstall Windows out of an abundance of caution.

PirateFi was released on Steam last week by Seaworth Interactive, and received positive reviews. It is described as a survival game set in a low-poly world involving base building, weapon crafting and food gathering.

Earlier this week, though, Steam discovered that the game contained malware, but the service did not specify the exact type.

“The Steam account of the developer for this game uploaded builds to Steam that contained suspected malware,” reads the notification.

“You played PirateFi (3476470) on Steam while these builds were active, so it is likely that these malicious files launched on your computer,” the service warns.

The recommended measures for the notification recipients include running a full system scan using an up-to-date antivirus, checking for newly installed software they don’t recognize, and considering an OS format.

Impacted users have also posted warnings on the title’s Steam Community page, telling others not to launch the game as their antivirus recognized it as malware.

Marius Genheimer of SECUINFRA Falcon Team obtained a sample of the malware distributed through PirateFi and identified it as a version of the Vidar infostealer.

“If you are one of the players who downloaded this ‘game’: Consider the credentials, session cookies and secrets saved in your browser, email client, cryptocurrency wallets etc. compromised,” advises SECUINFRA.

The recommendation is to change the passwords for all potentially affected accounts and enable multi-factor authentication where possible.

The malware, identified as Vidar based on dynamic analysis and YARA signature matches, was hidden in a file called Pirate.exe as a payload (Howard.exe) packed with the InnoSetup installer.

Genheimer told BleepingComputer that the threat actor modified the game files several times, using various obfuscation techniques and changing the command-and-control servers for credential exfiltration.

The researcher believes that the web3/blockchain/cryptocurrency references in the PirateFi name were intentional, to lure a specific player base.

Steam did not publish figures on how many users have been impacted by the PirateFi malware, but statistics on the title’s page show that up to 1,500 individuals may be impacted.

Malware infiltrating the Steam store is not common, but it’s not unprecedented either. In February 2023, Steam users were targeted by malicious Dota 2 game modes that leveraged a Chrome n-day exploit to perform remote code execution on the players’ computers.

In December 2023, a mod for the then-popular Slay the Spire indie strategy game was compromised by hackers who injected an ‘Epsilon’ infostealer dropper into it.

Steam has introduced additional measures like SMS-based verification to protect players from unauthorized malicious updates, but the case of PirateFi shows that these measures are insufficient.
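
Steam's notice identifies the game by app ID 3476470, so one way to triage a machine or a collected disk image is to look for that ID in the Steam library's `appmanifest_*.acf` files. The sketch below is an added example, not code from Steam, SECUINFRA or BleepingComputer. It assumes Steam's usual on-disk manifest layout and key names and an exposure window in 2025 (the article gives only day and month), and its sample manifest is constructed.

```python
import re
from datetime import datetime, timezone
from pathlib import Path

PIRATEFI_APPID = "3476470"  # app ID quoted in Steam's notice
# Assumption: the builds were live February 6-12, 2025 (year and UTC bounds assumed).
WINDOW = (datetime(2025, 2, 6, tzinfo=timezone.utc), datetime(2025, 2, 13, tzinfo=timezone.utc))
PAIR = re.compile(r'^\s*"([^"]+)"\s+"([^"]*)"\s*$')

# Constructed sample manifest; every value except the app ID is made up.
SAMPLE_MANIFEST = '''"AppState"
{
    "appid"        "3476470"
    "name"         "PirateFi"
    "installdir"   "PirateFi"
    "LastUpdated"  "1739016000"
    "UserConfig"
    {
        "language"  "english"
    }
}
'''

def parse_manifest(text):
    """Collect the first-level "key" "value" pairs of an appmanifest file."""
    fields, depth = {}, 0
    for line in text.splitlines():
        token = line.strip()
        depth += (token == "{") - (token == "}")  # track brace nesting
        if depth == 1 and (m := PAIR.match(line)):
            fields[m.group(1).lower()] = m.group(2)
    return fields

def assess(text):
    """Return None for other apps, else install details for the flagged app."""
    fields = parse_manifest(text)
    if fields.get("appid") != PIRATEFI_APPID:
        return None
    raw = fields.get("lastupdated", "")
    updated = datetime.fromtimestamp(int(raw), tz=timezone.utc) if raw.isdigit() else None
    in_window = updated is not None and WINDOW[0] <= updated < WINDOW[1]
    return {"installdir": fields.get("installdir"), "last_updated": updated,
            "in_window": in_window}

def scan_library(steamapps_dir):
    """Assess every appmanifest_*.acf in one steamapps directory."""
    found = {p.name: assess(p.read_text(encoding="utf-8", errors="replace"))
             for p in Path(steamapps_dir).glob("appmanifest_*.acf")}
    return {name: hit for name, hit in found.items() if hit}
```

A hit means the game was installed on that machine and the credential resets above apply. A missing manifest does not clear the machine, because Steam deletes the file when a game is uninstalled.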