Ahoy, gamers! Hope you weren’t sailing the high seas of Steam with a recently released free-to-play game called PirateFi. Turns out, this seemingly innocent survival title was caught hoisting the Jolly Roger of malware distribution, specifically the Vidar infostealer.
The game, available between February 6th and February 12th, managed to sneak past Steam’s defenses and potentially infect up to 1,500 users. Steam has already sent out warnings, advising affected users to take drastic action, including a full OS reinstall. That’s never fun.
What happened?
PirateFi, developed by Seaworth Interactive, presented itself as a low-poly survival game where you build bases, craft weapons, and gather food. Early reviews were even positive! However, Steam detected malicious content, and the situation quickly unraveled.
Marius Genheimer from SECUINFRA Falcon Team dug into the malware and identified it as Vidar, a known information stealer. This nasty piece of software grabs credentials, session cookies, and data from your browsers, email clients, and even cryptocurrency wallets. Basically, anything valuable stored on your system could be compromised.
What should you do?
If you downloaded and played PirateFi, take this very seriously. SECUINFRA recommends:
- Change passwords: update passwords for all potentially affected accounts. Yes, it’s a pain, but it’s crucial.
- Enable multi-factor authentication (MFA): where available, activate MFA for an extra layer of security.
- Run a full system scan: use an up-to-date antivirus program to scan your entire system.
- Look for suspicious software: check for any newly installed programs you don’t recognize.
- Consider an OS format: Steam is recommending a full OS reinstall as a precaution. This is the most thorough approach to ensure complete removal of the malware.
The technical details
The Vidar malware was hidden within the Pirate.exe file, delivered as a payload (Howard.exe) packed inside an InnoSetup installer. The attackers reportedly modified the game files multiple times, using obfuscation techniques and rotating command-and-control (C2) servers to make detection more difficult. Clever, but not clever enough.
Genheimer believes the cryptocurrency/Web3 theme of the game’s name was a deliberate attempt to target a specific user base.
Lessons learned
This incident highlights that even platforms like Steam aren’t immune to malware threats. While Steam has implemented security measures, determined attackers can still find ways to slip through. Staying vigilant, running reputable antivirus software, and being cautious about downloading free or unknown games are essential for protecting yourself. It also shows the importance of a quick response from platforms like Steam, and the value of researchers like those at SECUINFRA who can quickly identify and analyze these threats.
Stay safe out there, and think twice before downloading that “free” game!