Steam users must scan their systems for possible malware infection as the service warns users of a malicious game. As disclosed, Steam caught a new game “PirateFi” delivering malware to the players’ devices.
PirateFi Steam Game Sneakily Deployed Malware
Steam recently sent out alerts to impacted users about a possible malware infection from a newly listed game PirateFi.
This game appeared on Steam earlier this month. Its description mentioned it as a survival game, where the player had to establish life in the open sea. Players could either play the game solo or add friends as they proceed. For its adventurous and exploring essence, this simulation game garnered positive reviews.
However, after staying online for about a week, Steam eventually removed the game from the platform, citing malware concerns. According to a notification shared via an X post, they found malware in the game that likely infected players’ devices. They also shared the same notification with potentially impacted users via email.
In addition, Steam users who played PirateFi also posted warnings in the forum for other users as they received malware alerts from their antivirus programs after downloading the game.
While Steam didn’t name the exact malware type, the SECUINFRA Falcon Team confirmed that the malware acted as a password stealer. Their analysis of the malware sample obtained from PirateFi showed that it was likely a Vidar stealer variant.
In its X post, the SECUINFRA Falcon Team warned users about data loss through this malware.
Consider the credentials, session cookies and secrets saved in your browser, email client, cryptocurrency wallets etc. compromised.
The security team recommended that users manually remove the game files from their systems to eliminate the malware. Users should clean the game files from the Steam Library and %Temp% folders in particular.
Besides, Steam advised all PirateFi players to scan their systems with robust antivirus solutions to remove the malware.
This isn’t the first time Vidar Stealer has appeared on a public and relatively safe platform to target users. In the past, this malware has exploited the remote desktop management service AnyDesk and YouTube to target users.
Let us know your thoughts in the comments.
