Hackers planted a Steam game with malware to steal gamers' passwords

Last week, Valve removed a game from its online store Steam because the product was laced with malware.

After the game, called Piratefi, was removed, security researchers analyzed the malware and found that whoever planted it had modified an existing video game in an attempt to trick gamers into installing an info-stealer called Vidar.

Marius Genheimer, a researcher who analyzed the malware and works on the Secuinfra Falcon team, told TechCrunch that, judging by the command and control servers associated with the malware and its configuration, “We suspect that Piratefi is just one of a variety of strategies used to distribute Vidar payloads in large numbers.”

"There is a good chance that no legitimate running game has ever been changed after its first publication," Genheimer said.

In other words, Piratefi is designed to spread malware.

Genheimer and colleagues also found that Piratefi was built by modifying an existing game template called Easy Survival RPG, which markets itself as a game-making app that “provides you with everything you need to develop your own single-player or multiplayer game.” The license for this game maker costs between $399 and $1,099.

This explains how the hackers were able to ship a functional video game laced with their malware with little effort.

According to Genheimer, the Vidar info-stealing malware is able to steal and exfiltrate several types of data from infected computers, including: passwords saved by the web browser's auto-fill feature; session cookies that can be used to log in as someone without their password; web browser history; cryptocurrency wallet details; screenshots; two-factor codes from certain token generators; and other files on people's computers.

Vidar has been used in multiple hacking campaigns, including one attempting to steal Booking.com hotel credentials, another with the goal of deploying ransomware, and another effort to plant malicious advertising in Google search results. In 2024, the Health Sector Cybersecurity Coordination Center (HC3) reported that Vidar, first discovered in 2018, had “grown into one of the most successful infostealers.”

Info-stealers are a common type of malware designed to steal information and data from victims' computers. They are usually sold under a malware-as-a-service model, meaning that even hackers with little skill can buy and use the malware. Genheimer said this also makes determining who is behind Piratefi “very difficult,” because Vidar is “widely adopted by many cybercriminals.”

Contact Us

Do you have more information about this malware or other video game-related hacks? From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram and Keybase @lorenzofb, or by email. You can also contact TechCrunch via SecureDrop.

Genheimer said they analyzed several malware samples contained in Piratefi. One was found on VirusTotal, an online malware repository, apparently uploaded by a player in Russia; another was identified through SteamDB, a website that publishes information about games hosted on Steam. The researchers found a third sample in a threat intelligence database they have access to. According to Genheimer, all three malware samples have the same functionality.

Valve did not respond to TechCrunch's request for comment.

Seaworth Interactive, the alleged developer of Piratefi, has no obvious online presence. Until last week, the game had an X account, which has since been deleted. That account contained a link to the game on Steam.

The owner of the account did not respond to a request for comment sent via direct message before the account was deleted.