PirateFi, a Steam game, was found spreading Vidar malware, stealing user data. Steam removed it, but gamers must take urgent security steps.
Earlier this month, researchers discovered that a free-to-play game called PirateFi was distributing the Vidar information-stealing malware to users on gaming platform Steam. From Feb. 6-12, as many as 1,500 users downloaded the game before Steam removed it from the platform.
The situation should be a wake-up call for all gamers.
PirateFi is an immersive survival game involving gathering food and supplies, crafting tools and weapons, and building bases. The game can be played in single-player and multiplayer modes. It received a 9/10 rating and several glowing reviews.
While ratings and comments can be fabricated to boost engagement, it looked like PirateFi was on its way to becoming a major hit among gamers, as several people downloaded the game in the short time it was on Steam’s marketplace.
However, gamers were about to find out that PirateFi wasn’t the only thing they downloaded. Users started receiving messages on Telegram about an in-game chat moderator job that paid $17 an hour. The idea of getting paid to play and interact in the game — something they probably would’ve done for free — sounded too good to be true. One user in particular found this to be suspicious and did some digging.
First, he noticed the cadence of the messages. He saw that the replies from the “developer” were sent precisely 21 seconds after the previous message. If you’re not paying attention, you will probably miss that detail. However, message replies that are all evenly spaced are clear indicators of a fake and automated account — and you’re more than likely talking to a chatbot.
And that’s precisely what was happening: The chat moderator job didn’t exist.
The AI chatbot offered gamers the role to get them to download and install the game. So why lie about a job? Was it a malicious marketing ploy to boost their download numbers and popularity on Steam? Or was it something more sinister like social engineering or a phishing attack to steal user information or worse?
While users were starting to catch on that something was “fishy” about the chat moderator job, another user found out that it wasn’t the job that was the issue. It was the game itself.
This message on the Steam Games forum that we translated with Google shows that a user tried to install the game, but his antivirus software blocked it from being downloaded because it contained a file known as “Trojan.Win32.Lazzy.gen.”
After some review, it appeared that the “game” included other software that once PirateFi was installed and launched. A file called Howard.exe would be added to the user’s /AppData/Temp/****/ directory with a parameter called /VERYSILENT.
This means the action would happen in the background, and the status would not be displayed. It appears that PirateFi was distributing malware. So, what exactly is malware?
Malware is any kind of software designed to harm your computer or steal your information. Think of it like a digital virus. It can do all sorts of nasty things — from slowing down your computer, to stealing your passwords, and even giving hackers control over your entire system.
In the case of “PirateFi,” the malware was designed to steal passwords. After reviewing the malware, SECUINFRA identified the malware as a version of the Vidar infostealer and posted this message on social media:
“If you are one of the players who downloaded this “game”: Consider the credentials, session cookies, and secrets saved in your browser, email client, cryptocurrency wallets etc. compromised.”
If you played the game, the login details for your email, social media, banking, or any other online account you log into could have been compromised. Imagine the damage someone could do with that information.
For more information about malware and the different types, check out this article.
This incident highlights several critical points: First, regular social engineering techniques succeed more than fail. However, with AI, the chances of attackers succeeding in their attacks increase significantly. As a result, users must be more aware of online scams and phishing attacks.
Also, just because something is on a platform like Steam doesn’t automatically mean it’s safe or should be trusted. Unfortunately, bad actors can sometimes find ways to sneak malicious software into even seemingly reputable places.
Several affected users posted warnings on PirateFi’s Steam Community page, telling everyone to stay away from the game because it contains malware. In addition, Steam posted a message confirming the game contained malware and encouraged users to doa “full-system scan.”
If you downloaded “PirateFi,” here’s what you must immediately do:
In addition to what you need to do to protect yourself immediately, here’s how to protect yourself in the future:
The “PirateFi” situation is a reminder that malicious actors are always looking to steal data — even in the spaces you’d least suspect — and that online security is everyone’s responsibility. You should always verify the legitimacy of a game before downloading and installing it.
To verify new or lesser-known games on platforms like Steam or Epic:
By taking these precautions, you can significantly reduce your risk of falling victim to malware and enjoy your favorite activities, like playing video games.
