PirateFi, a game listed on Steam, installed the notorious Vidar infostealer on players’ devices.
Reports say the game was available on Steam for over a week earlier this month and was downloaded by at least 1,500 people. Steam, the distribution service, is therefore alerting potentially affected users and advising them to reinstall Windows as a precaution.
The malware-laden PirateFi game arrived on Steam this month.
Seaworth Interactive released PirateFi on Steam this month, and it immediately garnered positive feedback. It is a low-poly survival game in which players build bases, craft weapons, and gather food.
Steam found that the game contained malware, but the service did not say which type. Its notification states that the developer of this game uploaded builds to Steam that contained suspected malware.
One of the notifications stated that if a player ran PirateFi (3476470) on Steam while these builds were live, the malicious files have most likely already executed on their device.
Recipients of the notification are urged to run a full system scan with up-to-date antivirus software, check for newly installed programs they do not recognise, and consider formatting the operating system.
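A quick way to see whether the affected title was ever installed is to read Steam’s own library index rather than trust a file listing. The script below is an added example, not part of this article, and assumes (verify against your own install) that `<Steam>/steamapps/libraryfolders.vdf` is Valve KeyValues text in which each library folder carries an `apps` block keyed by installed app ID; the sample file and paths are constructed, only the app ID 3476470 comes from the notification.

```python
import re
# App ID of PirateFi as quoted in the Steam notification (from the article).
PIRATEFI_APPID = "3476470"

# Constructed sample of Steam's libraryfolders.vdf (Valve KeyValues text);
# paths and sizes are made up, the layout is assumed to match the real file.
SAMPLE_VDF = r'''
"libraryfolders"
{
    "0"
    {
        "path"  "C:\\Program Files (x86)\\Steam"
        "apps"  { "228980"  "182424" }
    }
    "1"
    {
        "path"  "D:\\SteamLibrary"
        "apps"  { "3476470"  "524288000" }
    }
}
'''
# Tokens: a quoted string (with backslash escapes), a brace, or a // comment.
_TOKEN = re.compile(r'"((?:\\.|[^"\\])*)"|([{}])|//[^\n]*')

def parse_vdf(text: str) -> dict:
    """Parse KeyValues text into nested dicts; leaf values stay strings."""
    root: dict = {}
    stack, key = [root], None
    for m in _TOKEN.finditer(text):
        if m.group(1) is not None:               # quoted string: key, then value
            value = re.sub(r"\\(.)", r"\1", m.group(1))
            if key is None:
                key = value
            else:
                stack[-1][key], key = value, None
        elif m.group(2) == "{":                  # nested block under pending key
            stack[-1][key] = {}
            stack.append(stack[-1][key])
            key = None
        elif m.group(2) == "}":
            stack.pop()
    return root

def libraries_with_app(vdf: dict, appid: str) -> list:
    """Return paths of library folders whose 'apps' block lists appid."""
    return [lib["path"] for lib in vdf.get("libraryfolders", {}).values()
            if isinstance(lib, dict) and appid in lib.get("apps", {})]

if __name__ == "__main__":
    for lib in libraries_with_app(parse_vdf(SAMPLE_VDF), PIRATEFI_APPID):
        print(f"PirateFi ({PIRATEFI_APPID}) is recorded as installed in {lib}")
```

To check a real machine, pass the contents of your own libraryfolders.vdf to `parse_vdf` instead of `SAMPLE_VDF`; a match only tells you the title was installed, so the scan and credential reset above still apply.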
Affected users have also posted warnings on the Steam Community page, telling others not to launch the game because their antivirus software flagged it as malware.
Separately, a researcher who obtained a sample of the malware distributed via PirateFi identified it as a variant of the Vidar infostealer and immediately cautioned players who downloaded this “game” to treat the credentials, session cookies, and secrets stored in their browsers, email clients, cryptocurrency wallets, and similar applications as potentially compromised.
The advice is to reset the passwords for all potentially compromised accounts and enable MFA wherever possible. Based on dynamic analysis and YARA signature matching, the malware, identified as Vidar, was concealed in Pirate.exe as a payload bundled with the InnoSetup installer.
Furthermore, the researchers suspect the threat actor frequently updated the game files, using various obfuscation techniques and changing the C2 servers to keep credential exfiltration working.
They also believe that the Web3/blockchain/cryptocurrency allusions in the PirateFi name were intended to attract a specific user base.
As of now, Steam has not released figures on how many users were affected by the PirateFi malware, but a recent tally on the title’s page suggests that up to 1,500 people could be affected.
