Dangerous Waters: PirateFI Game Pulled from Steam Over Malware Concerns

A recently launched game on Steam, PirateFI, has been removed after it was discovered to contain malicious software. The malware, identified as Vidar, poses significant risks to users by stealing sensitive information such as passwords, session cookies, and cryptocurrency wallet details. This development has raised concerns about cybersecurity on popular gaming platforms.

Vidar, the infostealer embedded in PirateFI, has been a tool of choice for cybercriminals since its discovery in 2018. According to the Health Sector Cybersecurity Coordination Center (HC3), by 2024 Vidar had "grown to be one of the most successful infostealers." Its capabilities extend beyond simple data theft, allowing it to capture screenshots and two-factor authentication codes, making it a potent threat to online security.

The malware found its way into PirateFI through the Easy Survival RPG template. This game-making application allows developers to create games with ease, described by its creators as a tool that "gives you everything you need to develop your own singleplayer or multiplayer" experience. However, the malware's inclusion suggests that PirateFI may have never been a legitimate gaming product. Security researcher Marius Genheimer noted that it was "highly likely that it never was a legitimate, running game that was altered after first publication."

Seaworth Interactive, the alleged developers of PirateFI, have no discernible online footprint. The lack of response from the account owners associated with the game only adds to the mystery. After the removal of PirateFI from Steam, the associated account was also deleted, further complicating attempts to trace its origins.

The discovery of the malware was facilitated by both a gamer in Russia, who uploaded it to VirusTotal, and SteamDB, a site dedicated to publishing information about games on Steam. Researchers from Falcon Team conducted an in-depth analysis, revealing that the malware was designed to deceive gamers into installing Vidar. They also managed to identify the command and control servers used by the malware.

Vidar's notoriety is not new; it has been deployed in various hacking campaigns over the years, including one targeting Booking.com. Its widespread adoption by cybercriminals underscores the need for heightened vigilance among game developers and platform operators.
