
Steam Game PirateFi Planted with Malware to Steal Passwords


A game available on Steam, called PirateFi, has been found to distribute the Vidar infostealer to unsuspecting players. Listed in the Steam catalog from February 6th to February 12th, the game was downloaded by approximately 1,500 users. Steam is reaching out to those who may have been affected, recommending a complete Windows reinstall as a precautionary measure.

The PirateFi page on Steam (Source: Internet Archive)

PirateFi Compromised 

PirateFi made its debut on Steam on February 6, and garnered positive feedback. Published by Seaworth Interactive, the game is set in a low-poly world where players engage in food gathering, weapon crafting, and base building.

Steam detected malware within the game earlier last week, though it did not disclose the specific type. “The Steam account of the developer for this game uploaded builds to Steam that contained suspected malware,” the notification stated.

“You played PirateFi (3476470) on Steam while these builds were active, so it is likely that these malicious files launched on your computer,” warned the platform.

Protective Measures Urged 

Users who installed the PirateFi game are advised to:

  • Perform a comprehensive system scan with antivirus software.
  • Inspect for any unfamiliar newly installed programs.
  • Consider reformatting their operating system.

Players in the game’s Steam Community have also alerted others, advising against launching the game after their antivirus software flagged it as malicious. Marius Genheimer from SECUINFRA Falcon Team analyzed a sample of the malware from PirateFi and confirmed it as a version of the Vidar infostealer.

“If you are one of the players who downloaded this “game”: Consider the credentials, session cookies and secrets saved in your browser, email client, cryptocurrency wallets etc. compromised,” said SECUINFRA.

It is recommended that passwords for all affected accounts be updated and that multi-factor authentication be enabled wherever possible. The malware, confirmed as Vidar through dynamic analysis and YARA signatures, was concealed in a file named Pirate.exe, delivered via a payload (Howard.exe) bundled with the InnoSetup installer.
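A triage check for the measures above, as an added example that is not from the original article, Steam or SECUINFRA: it looks in each Steam library folder for the manifest of app ID 3476470 and hashes any file named Pirate.exe or Howard.exe under the game's install directory. It assumes Steam's usual library layout (steamapps/appmanifest_<appid>.acf and steamapps/common/<installdir>); the function and field names are this example's own.

```python
import hashlib
import re
import sys
from pathlib import Path

APP_ID = "3476470"                             # PirateFi app ID from the Steam notice
SUSPECT_NAMES = {"pirate.exe", "howard.exe"}   # file names reported in the analysis
KV_RE = re.compile(r'"(\w+)"\s+"([^"]*)"')     # flat "key" "value" pairs in an .acf file


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_piratefi_traces(library_roots):
    """Return one finding per Steam library that still holds a PirateFi manifest."""
    findings = []
    for root in map(Path, library_roots):
        # Assumed layout: <library>/steamapps/appmanifest_<appid>.acf
        manifest = root / "steamapps" / f"appmanifest_{APP_ID}.acf"
        if not manifest.is_file():
            continue
        text = manifest.read_text(encoding="utf-8", errors="replace")
        fields = dict(KV_RE.findall(text))
        install_dir = root / "steamapps" / "common" / fields.get("installdir", "")
        suspects = []
        if fields.get("installdir") and install_dir.is_dir():
            for path in sorted(install_dir.rglob("*")):
                if path.is_file() and path.name.lower() in SUSPECT_NAMES:
                    suspects.append({"path": str(path), "sha256": sha256_of(path)})
        findings.append({"manifest": str(manifest), "name": fields.get("name"),
                         "install_dir": str(install_dir), "suspect_files": suspects})
    return findings


if __name__ == "__main__":
    # Pass each Steam library folder as a command-line argument.
    results = find_piratefi_traces(sys.argv[1:])
    if not results:
        print("No PirateFi manifest found in the given libraries.")
    for finding in results:
        print("PirateFi manifest:", finding["manifest"])
        for hit in finding["suspect_files"]:
            print("  ", hit["sha256"], hit["path"])
```

A hit is a lead for further scanning and for the credential resets described above. A missing manifest only shows that the game is not currently installed in that library, not that the machine was never exposed.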

Genheimer noted that the threat actor altered the game’s files multiple times, employing different obfuscation tactics and modifying the command-and-control servers used for stealing credentials.

The researcher also suggested that the use of cryptocurrency/blockchain/web3 references in the game’s title was deliberately chosen to attract a particular type of gamer. While Steam beefed up security with features like SMS verification in 2023, the PirateFi incident has exposed lingering loopholes in the platform’s defenses.

Author: Anas Hasan

Date: February 19, 2025


Anas Hassan is a tech geek and cybersecurity enthusiast. He has vast experience in the digital transformation industry. When Anas isn’t blogging, he watches football games.
