A malicious free-to-play game on Steam has been identified as a vector for distributing dangerous malware to users. PirateFi, released by Seaworth Interactive between February 6-12, potentially infected up to 1,500 users with the Vidar infostealer malware.

Security Analysis
Security researcher Marius Genheimer from SECUINFRA Falcon Team confirmed the presence of Vidar malware, hidden within the game’s Pirate.exe file. The malware was packaged using InnoSetup installer and employed various obfuscation techniques to avoid detection. The game’s cryptocurrency-themed name appears deliberately chosen to target specific user groups.

Impact and Risks
– Compromised credentials
– Stolen browser cookies and sessions
– Exposed email client data
– Vulnerable cryptocurrency wallets
– Potential system-wide infection

Steam’s Response
Steam has:
– Removed the game from their store
– Notified affected users
– Recommended complete Windows reinstallation
– Advised running antivirus scans
– Suggested checking for unauthorized software

Security Recommendations
Users who downloaded PirateFi should:
1. Change all account passwords
2. Enable multi-factor authentication
3. Scan systems with updated antivirus
4. Consider OS reinstallation
5. Monitor accounts for suspicious activity

This incident highlights ongoing security challenges in digital distribution platforms, despite Steam’s protective measures like SMS verification for updates. It follows similar security breaches involving Dota 2 game modes and Slay the Spire mod compromises in recent years.