Steam Removes Malware-Infected Game PirateFI, Linked to Vidar Info-Stealing Malware

Elliot Kim

February 18, 2025

Last week, Valve took swift action to remove a game called PirateFI from its online store Steam, after security researchers discovered that the game was infected with malware. The malware, known as Vidar, is a potent info-stealer capable of exfiltrating sensitive user data, including passwords, session cookies, web browser history, and cryptocurrency wallet details.

According to Marius Genheimer, a researcher at Falcon Team, the malware was designed to trick gamers into installing Vidar, which has been used in several high-profile hacking campaigns. Genheimer and his colleagues analyzed the malware and found that PirateFI was built by modifying an existing game template called Easy Survival RPG, a game-making app that costs between $399 and $1,099 to license. This allowed the hackers to create a functioning video game with minimal effort, making it difficult to detect the malware.

Vidar, first discovered in 2018, has grown to be one of the most successful infostealers, according to the Health Sector Cybersecurity Coordination Center (HC3). It has been used in hacking campaigns aimed at stealing Booking.com's hotel credentials, deploying ransomware, and planting malicious advertisements on Google search results. The malware is often sold in the malware-as-a-service model, making it accessible to hackers with limited skills.

Genheimer noted that identifying the individuals behind PirateFI is challenging due to Vidar's widespread adoption by many cybercriminals. The researchers analyzed several samples of the malware, including one found on the online malware repository VirusTotal, which was uploaded by a gamer in Russia, and another identified through SteamDB, a website that publishes information about games hosted on Steam.

Valve did not respond to requests for comment on the removal of PirateFI. The purported developers of the game, Seaworth Interactive, have no apparent online presence, and their X account, which included a link to the game on Steam, has been removed. The owners of the account did not respond to a request to chat via Direct Message before it was removed.

The incident highlights the importance of vigilance in the gaming community, particularly on platforms like Steam, where users may be unaware of the risks associated with downloading and installing games. As the gaming industry continues to grow, it is essential for developers, publishers, and platform holders to prioritize security and protect users from malware and other cyber threats.

For those who may have been affected by the PirateFI malware, it is crucial to take immediate action to protect their sensitive data. This includes changing passwords, updating security software, and monitoring for suspicious activity on their devices.

The removal of PirateFI from Steam serves as a reminder of the ongoing battle against cybercrime in the gaming industry. As users, developers, and platform holders, it is essential to remain proactive in identifying and combating malware threats to ensure a safe and secure gaming experience.
