Malware infiltrating the Steam store is not common, but it's not unprecedented either. In February 2023, Steam users were targeted by malicious Dota 2 game modes that leveraged a Chrome n-day exploit to perform remote code execution on the players' computers. A free-to-play game named PirateFi in the Steam store has been distributing the Vidar infostealing malware to unsuspecting users. Impacted users have also posted warnings on the title's Steam Community page, telling others not to launch the game as their antivirus recognized it as malware. Steam did not publish figures on how many users have been impacted by the PirateFi malware but statistics on the title's page shows that up to 1,500 individuals may be impacted. Earlier this week though, Steam discovered that the game contained malware but the service did not specify the exact type. "The Steam account of the developer for this game uploaded builds to Steam that contained suspected malware," reads the notification. Steam has introduced additional measures like SMS-based verification to protect players from unauthorized malicious updates, but the case of PirateFi shows that these measures are insufficient. "You played PirateFi (3476470) on Steam while these builds were active, so it is likely that these malicious files launched on your computer," the service warns.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 14 Feb 2025 17:35:16 +0000