Wednesday, February 19, 2025

On September 28, 2023, the Steam platform had nearly 28 million users online

Steam game found to contain info-stealing malware, Valve removes it from store

Valve is often criticized for allowing almost any game to be sold on Steam, no matter how amateurish it appears. However, despite the immense number of titles released daily, actual malware is almost unheard of on the storefront. But users might need to start exercising caution when downloading free-to-play games from new developers.

Users who installed the free-to-play game PirateFi from Steam should change their passwords and seriously consider reinstalling their operating systems. Valve removed the game after discovering it contained malware designed to steal account credentials and other info.

PirateFi initially appeared on February 6 and likely affected only a few hundred users before Valve delisted it a few days later. Accounts that downloaded and ran the game while malicious builds were active should receive an alert from the company recommending that they perform a virus scan and reformat their devices.

One user reported that their antivirus prevented the game from booting after flagging a trojan called "Win32.Lazzzy.gen," and Steam presented a hardware failure warning. They also suspected that the reviews were fake.

According to PCMag, other users lost their passwords, and some accounts were broken into using stolen cookies. In one case, the malware stole a Microsoft account, blocked Microsoft support from the associated emails, and sent scam links to the targeted users' contacts.

Furthermore, hackers attempted to distribute the game through Telegram. A suspected chatbot advertised a chat moderation job that paid $17 an hour, describing PirateFi as a web3 game with over 7,000 players. The mysterious account's consistent response time of 21 seconds led the recipient to suspect that it was run by an AI.

A SECUINFRA Falcon Team researcher told TechCrunch that PirateFi was likely designed to spread the Vidar info-stealer malware, suggesting that the hackers hadn't commandeered an initially legitimate game. They appeared to use ready-made assets from the Easy Survival RPG template, which likely helped PirateFi bypass Valve's security measures. Licensing the assets cost a few hundred dollars, which might have been cheap enough to make the scam profitable, depending on the number of infected users.

Vidar can steal browser history, cryptocurrency wallet information, browser autofill passwords, two-factor codes, and more. It can also steal session cookies to log into various services without a password. Impacted users might find a file called "Howard.exe" in AppData > Temp.

If affected users don't reinstall their operating systems – and they likely should – they should at least clear their browser history and change their passwords.
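As an added example that is not part of the article, the following script performs the one concrete check the text gives affected users: it walks the user's temp directory for the "Howard.exe" artifact (matched case-insensitively, since NTFS is) and reports each hit's size and SHA-256 so the sample can be looked up on VirusTotal. The assumption that %TEMP% maps to AppData\Local\Temp is mine; a clean result does not rule out infection, which is why the article still recommends a reinstall.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Filename the article reports for the Vidar artifact left under AppData > Temp.
INDICATOR_NAME = "Howard.exe"


def sha256_of(path: Path, chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so a large binary does not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_indicator(root, name: str = INDICATOR_NAME) -> list:
    """Recursively scan `root` for files named `name` (case-insensitive) and
    return one record per hit with path, size and SHA-256."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() == name.lower():
                p = Path(dirpath) / fname
                hits.append({"path": str(p), "size": p.stat().st_size,
                             "sha256": sha256_of(p)})
    return hits


def default_temp_dir() -> str:
    # Assumption: on Windows %TEMP% resolves to AppData\Local\Temp for this user.
    return os.environ.get("TEMP") or tempfile.gettempdir()


def demo_with_constructed_sample() -> list:
    """Run the scan over a throwaway tree containing a benign placeholder file
    (constructed input, not malware) plus an unrelated file it must ignore."""
    with tempfile.TemporaryDirectory() as d:
        nested = Path(d) / "nested"
        nested.mkdir()
        (nested / "HOWARD.EXE").write_bytes(b"constructed placeholder, not malware")
        (Path(d) / "unrelated.txt").write_bytes(b"ignore me")
        return find_indicator(d)


if __name__ == "__main__":
    root = default_temp_dir()
    found = find_indicator(root)
    if not found:
        print(f"no {INDICATOR_NAME} under {root} (absence does not prove a clean machine)")
    for hit in found:
        print(f"{hit['path']}  {hit['size']} bytes  sha256={hit['sha256']}")
```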

How did PirateFi and its malware work?

Along with the game installation came a piece of malware known as Vidar. This malicious code has already been used in other attacks, such as an attempt to steal data from the hotel reservation website Booking and in fake Google ads.

Vidar is an infostealer malware. The version used in PirateFi stole, among other data, passwords from the browser autofill feature, session cookies, browsing history, cryptocurrency wallet data, screenshots, PC files and two-factor authentication codes.

Marius Genheimer, from the security company Secuinfra Falcon Team, explains that the malware is extremely popular, sold under the Malware-as-a-Service (MaaS) model. This allows any user to acquire the program. This easy access makes it difficult to identify the group responsible for the game. However, an analysis by the Secuinfra Falcon Team showed that samples of Vidar used in PirateFi were found in a VirusTotal repository, and the uploader was apparently a gamer in Russia. Other samples were found in SteamDB and in the company's malware database.

How did the crackers develop a game to steal data?

PirateFi was created from a template game. Therefore, the crackers did not need to develop a game from scratch. All they had to do was acquire the license for Easy Survival RPG and make the necessary adjustments.

These small adjustments gave PirateFi a minimum of credibility, since releasing only the raw Easy Survival RPG on Steam would be problematic. First, it would not attract gamers, who might notice something suspicious. Second, improper use of the license could take down the game.

Seaworth Interactive, which appeared as the developer of PirateFi, does not have any online presence (such as a website or GitHub). It had an account on X that was recently deleted. The link in X's bio was the game's Steam page.

mundophone
