In brief
- A game released on Steam Early Access contained malicious software that could have compromised victims’ data, according to a report from cybersecurity firm Prodaft.
- Steam appears to have pulled the game from its pre-release Early Access platform.
- This isn’t the first time that games launched via the popular Steam platform have contained malware.
A pre-release game that launched on leading PC storefront Steam contained malware designed to target victims’ cryptocurrency wallets and personal data, according to a report from cybersecurity firm Prodaft.
Chemia, a survival game developed by Aether Forge Studios, was loaded by cybercriminal group EncryptHub (aka Larva-208) on July 22 with three types of malware: Hijack Loader, Fickle Stealer, and Vidar Stealer, Prodaft reported.
The former enables hackers to deploy privacy-breaching programs on an infected device. The latter two pieces of software aim to exploit digital asset wallets, in addition to accessing user data from web browsers, password managers, and other applications.
Tech outlet Bleeping Computer was first to report on the alleged malware-infested game. Following the report, Steam appears to have removed Chemia from its platform. A link to the game redirects visitors to the Stream homepage.
Steam did not immediately reply to Decrypt’s inquiry into the apparent removal of the game.
Chemia debuted via Steam Early Access, which allows users to download video games that are still under development and may have bugs or limited features.
The malware appeared to be linked to a Telegram channel, where the cybercriminals could manage the software, steal data, and launch attacks, according to Prodaft.
Steam’s security scare comes amid a global rise in cyberattacks.
Malware infections have risen 87% over the past 10 years, according to data compiled by Statista. Global cyber-economy researcher Cybersecurity Ventures forecasts cybercrimes will inflict $10.5 trillion in damages by the end of 2025, up from $3 trillion in 2015.
EncryptHub launched a spear-phishing and social engineering campaign with the same malware last year, compromising more than 600 organizations.
Amid the global rise in exploits, Steam has fielded several cases of malware infiltrating games on its Early Access platform. In March, malicious software was found in the game Sniper: Phantom’s Resolution. A month earlier, reports emerged that the title PirateFi appeared to contain a Windows-based malware designed to harvest sensitive information from unsuspecting downloaders’ devices.
Steam did not immediately respond to Decrypt’s request for comment on its process for vetting video games listed on its Early Access platform.
GG Newsletter
Get the latest web3 gaming news, hear directly from gaming studios and influencers covering the space, and receive power-ups from our partners.
Source: https://decrypt.co/332109/steam-game-loaded-malware-crypto-wallets-harvests-personal-infor