Last week, Valve removed a game from its online store Steam because the product was laced with malware.
After the game, called PirateFi, was removed, security researchers analyzed the malware and discovered that whoever planted it had modified an existing video game to trick gamers into installing an information stealer called Vidar.
Marius Genheimer, a researcher who analyzes malware and works with the Secuinfra Falcon team, told TechCrunch that, based on the command and control servers associated with the malware and its configuration, he suspects PirateFi was just one of the tactics used to distribute Vidar payloads in large numbers.
“It's likely that it wasn't a legal running game that was changed since its first publication,” Genheimer said.
In other words, PirateFi was designed to spread malware.
Genheimer and colleagues also discovered that PirateFi was built by modifying an existing game template called Easy Survival RPG. Licenses for the template range from $399 to $1,099.
This explains how the hackers were able to ship a working video game containing malware with little effort.
According to Genheimer, the Vidar infostealing malware can steal and exfiltrate several types of data from a computer, such as web browser history, cryptocurrency wallet details, screenshots, two-factor codes from certain token generators, and other files on the person's computer.
Vidar has been used in several hacking campaigns, including those attempting to steal hotel credentials on Booking.com, those aimed at deploying ransomware, and other efforts to plant malicious ads in Google search results. In 2024, the Health Sector Cybersecurity Coordination Center (HC3) reported that Vidar, first discovered in 2018, has “grown into one of the most successful infostealers.”
Infostealers are a common type of malware designed to steal information and data from a victim's computer. Infostealers are often sold as malware-as-a-service, which means the malware can be purchased and used by hackers with little skill. This also makes identifying the person behind PirateFi “very difficult,” Genheimer said, as Vidar is “widely adopted by many cybercriminals.”
Genheimer said he analyzed several samples of the malware contained in PirateFi. One was found in VirusTotal, an online malware repository, and appears to have been uploaded by a Russian gamer. Another was identified through SteamDB, a website that publishes information about games hosted on Steam. The researchers found a third sample in an accessible threat intelligence database. According to Genheimer, all three malware samples have the same functionality.
Valve did not respond to TechCrunch's request for comment.
PirateFi's developer, Seaworth Interactive, has no known online presence. Until last week, the game had an X account, which is now deleted. The account contained links to the game on Steam.
The account's owner did not respond to requests to chat via direct message before the account was deleted.