
The researchers analyzed a game called PirateFi, which Valve urgently removed from Steam last week.

PirateFi contained Vidar malware, which activated after the game was downloaded and was capable of stealing several types of data from the computers it infected — including passwords saved for autocomplete in the browser, web browsing history, crypto wallet information, and some files from the PC itself.
According to SECUINFRA Falcon Team researcher Marius Genheimer, PirateFi was created by modifying an existing game template called Easy Survival RPG, which is positioned as a game creation program that "provides everything you need to develop your own single- or multiplayer game". The manufacturer's license costs from $399 to $1099.

The Vidar infostealer has been used in hacker campaigns and has become widely "known", including through an attempt to steal Booking.com credentials and place malicious ads on Google. In 2024, the U.S. Healthcare Cybersecurity Coordination Center reported that Vidar, which was first discovered in 2018, has become one of the "most successful methods for stealing information".
An infostealer (i.e. a "thief") is a type of program that steals personal data for further use. It has become widespread because the malware can be purchased and used even by hackers with little skill. This also makes it difficult to identify the thieves behind PirateFi.
Seaworth Interactive, which is listed as the developer of PirateFi, has no "obvious" presence on the Internet. Last week, an account on X was showing up in the game, but it has now been removed.
It is not known how many players managed to download PirateFi, but archived pages show that the game had 94% positive feedback based on 19 reviews.
Source: TechCrunch