{"id":653983,"date":"2025-02-18T20:25:10","date_gmt":"2025-02-18T17:25:10","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/hackers-planted-a-steam-game-with-malware-to-steal-gamers-passwords\/"},"modified":"2025-02-18T20:25:10","modified_gmt":"2025-02-18T17:25:10","slug":"hackers-planted-a-steam-game-with-malware-to-steal-gamers-passwords","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/hackers-planted-a-steam-game-with-malware-to-steal-gamers-passwords\/","title":{"rendered":"Hackers planted a Steam game with malware to steal gamers&#8217; passwords"},"content":{"rendered":"<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Last week, Valve removed a game from its online store Steam because the product was laced with malware.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">After the removal of the game, which was called PirateFI, security researchers analyzed the malware and found that whoever planted it modified an existing video game in an attempt to trick gamers into installing an info-stealer called Vidar.<\/p>\n<p class=\"wp-block-paragraph\">Marius Genheimer, a researcher who analyzed the malware and works at Falcon Team, told TechCrunch that judging by the command and control servers associated with the malware and its configuration, \u201cwe suspect that PirateFi was just one of multiple tactics used to distribute Vidar payloads en masse.\u201d<\/p>\n<p class=\"wp-block-paragraph\">\u201cIt is highly likely that it never was a legitimate, running game that was altered after first publication,\u201d said Genheimer.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">In other words, PirateFI was designed to spread malware.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Genheimer and colleagues also found that PirateFi was built by modifying <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.fab.com\/listings\/bc8e1ee8-5b82-40df-ad2c-226524ca6253\">an existing game template<\/a> called Easy Survival RPG, which bills itself as a game-making <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts 
&amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a> that \u201cgives you everything you need to develop your own singleplayer or multiplayer\u201d game. The game maker costs between $399 and $1,099 to license.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">This explains how the hackers were able to ship a functioning video game with their malware with little effort.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">According to Genheimer, the Vidar infostealing malware is capable of stealing and exfiltrating several types of data from the computers it infects, including: passwords from the web browser autofill feature, session cookies that can be used to log in as someone without needing their password, web browser history, cryptocurrency wallet details, screenshots, and two-factor codes from certain token generators, as well as other files on the person\u2019s computer.\u00a0<\/p>\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"590\" height=\"651\" src=\"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-14-at-2.44.55PM.png\" alt=\"\" class=\"wp-image-2967576\" srcset=\"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-14-at-2.44.55PM.png 590w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-14-at-2.44.55PM.png?resize=136,150 136w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-14-at-2.44.55PM.png?resize=272,300 272w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-14-at-2.44.55PM.png?resize=390,430 390w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-14-at-2.44.55PM.png?resize=340,375 340w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-14-at-2.44.55PM.png?resize=559,617 559w, https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/02\/Screenshot-2025-02-14-at-2.44.55PM.png?resize=481,531 481w\" sizes=\"auto, (max-width: 
590px) 100vw, 590px\"\/><\/figure>\n<p class=\"wp-block-paragraph\">Vidar has been used in several hacking campaigns, including <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.secureworks.com\/blog\/vidar-infostealer-steals-booking-com-credentials-in-fraud-scam\">one attempting to steal<\/a> Booking.com\u2019s hotel credentials, others with the goal of <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"http:\/\/trendmicro.com\/en_us\/research\/23\/i\/redline-vidar-first-abuses-ev-certificates.html\">deploying ransomware<\/a>, and another effort <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/darktrace.com\/blog\/vidar-info-stealer-malware-distributed-via-malvertising-on-google\">to plant malicious advertisements<\/a> on Google search results. During 2024, the Health Sector Cybersecurity Coordination Center (HC3) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.hhs.gov\/sites\/default\/files\/vidar-malware-analyst-note-tlpclear.pdf\">reported<\/a> that Vidar, which was first discovered in 2018, has \u201cgrown to be one of the most successful infostealers.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Infostealers are common types of malware designed to steal information and data from a victim\u2019s computer. Infostealers are often sold in the malware-as-a-service model, meaning the malware can be purchased and used even by hackers with little skill. This also makes identifying who was behind PirateFI \u201cvery difficult,\u201d said Genheimer, as Vidar \u201cis widely adopted by many cybercriminals.\u201d<\/p>\n<div class=\"article-block block--callout block--right has-green-500-background-color\">\n<h4 class=\"block--callout__title\"><span class=\"ez-toc-section\" id=\"Contact_Us\"><\/span>Contact Us<span class=\"ez-toc-section-end\"><\/span><\/h4>\n<p>\t\t\tDo you have more information about this malware, or other video games related hacks? 
From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.\t\t<\/p><\/div>\n<p class=\"wp-block-paragraph\">Genheimer said they analyzed several samples of the malware included in PirateFI, one found on the malware online repository VirusTotal, which was <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/steamcommunity-com.translate.goog\/discussions\/forum\/26\/595140423952896647\/?_x_tr_sl=ru&amp;_x_tr_tl=en&amp;_x_tr_hl=en&amp;_x_tr_pto=wapp\">apparently uploaded by a gamer in Russia<\/a>; another one they identified through SteamDB, a website that publishes information about games hosted on Steam. The researchers found another sample in a threat intelligence database they have access to. All three malware samples have the same functionality, according to Genheimer.<\/p>\n<p class=\"wp-block-paragraph\">Valve did not respond to TechCrunch\u2019s request for comment.<\/p>\n<p class=\"wp-block-paragraph\">Seaworth Interactive, the purported developers of <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/steamdb.info\/app\/3476470\/\">PirateFI<\/a>, has no apparent online presence. Until last week, the game had <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/PirateFiWeb3\">an X account<\/a>, which has now been removed. The account included a link to the game on Steam.<\/p>\n<p class=\"wp-block-paragraph\">The owners of the account did not respond to a request to chat via Direct Message before it was removed.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techcrunch.com\/2025\/02\/18\/hackers-planted-a-steam-game-with-malware-to-steal-gamers-passwords\/\" target=\"_blank\" >Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week, Valve removed a game from its online store Steam because the product was laced with malware.\u00a0 After the removal of the game, which was called PirateFI, security researchers analyzed the malware and found that whoever planted it modified an existing video game in an attempt to trick gamers into installing an info-stealer 
called&#8230;<\/p>\n","protected":false},"author":1,"featured_media":653984,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/02\/piratefi-steam-malware-vidar.png?resize=1200,604","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[75857,70375,10751,70513,154427,72287,79964,93672],"class_list":["post-653983","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-malware","tag-cybersecurity","tag-gaming","tag-hacking","tag-infostealer","tag-security","tag-steam","tag-valve"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/653983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=653983"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/653983\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/653984"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=653983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=653983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=653983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}