Malicious Code Found Embedded in Steam Downloads

anti-malware_software, malware, Ophtek, PirateFi, security, Steam, vidar, , , , ,
18
Mar 2025

A malicious game on Steam called PirateFi was found to contain malware which steals personal information, highlighting the risks of unverified downloads.

A recent attack involving a game on Steam has highlighted the importance of vigilance when downloading software. The game, called PirateFi, was available to download on Steam – an online platform for buying and playing games – but contained malware designed to steal personal data from players’ computers.

Pirates Strike Gold on Infected Systems

PirateFi – which was a free to play game – was developed by Seaworth Interactive and available on Steam from February 6th to February 12th, 2025. Promising an engaging and challenging survival experience, setting players objectives such as base building, food gathering, and making weapons, PirateFi was downloaded by around 1500 players and generated numerous positive reviews.

However, it was soon discovered that PirateFi was not simply a game meant to excite players and take their minds off the real world. Reports soon emerged that the game contained malware known as Vidar, a data-stealing program. Vidar is designed to harvest sensitive data from infected computers, so this could easily include passwords, financial information, and personal documents. Rather than Vidar being bundled with PirateFi as bloatware, Vidar was embedded within the game’s files, allowing it to be launched when the game was started.

Valve, the company behind Steam, quickly removed PirateFi from their platform on February 12th, when the threat was identified. They were also swift in issuing security notifications to those who had downloaded the game. Valve’s advice was, for those who had downloaded PirateFi, to run a full system scan using up-to-date antimalware software to detect and remove any dangerous files. Alternatively, Valve suggested that those at risk fully reinstalled their operation system to ensure Vidar was completely removed.

Staying Safe from Dangerous Downloads

This attack underlines the ingenuity and evolving tactics of threat actors, who are increasingly targeting popular platforms like Steam and GitHub to distribute their malware.

By disguising their malware as legitimate tools on these platforms, the threat actors are exploiting the trust users place in these websites. For a threat actor, this is fantastic as it opens up their attack to a huge audience. However, for a user it’s highly frustrating and dangerous. Accordingly, you need to practice the following to remain safe:

  • Be Cautious with Unverified Software: Before downloading and installing new software, especially from lesser-known sources, always take the time to research the application. Seek out reviews from reputable sources and check for any reports of malicious activity relating to the software.
  • Keep Your Security Software Updated: Ensure that your antivirus and anti-malware programs are always up to date. Regularly scan your system for potential threats, particularly after installing new applications. Updated security software can detect, quarantine and delete the latest malware threats before they can take hold of your system.
  • Monitor for Unusual Activity: Always be mindful of any suspicious activity on your networks, such as unusual drops in performance, unfamiliar programs executing, or unauthorized access to your accounts. If you notice signs such as these, there’s a chance that your network has been breached.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Malicious Macros Target Old Versions of MS Office

anti-malware_software, Brute_Ratel, Havoc, macros, malware, MS_Office, Ophtek, PhantomCore, Phishing, security_updates, , , , , , , , , ,
01
Oct 2024

Macros make our lives easier when it comes to repetitive tasks on PCs, but they’re also a potential route for malware to take advantage of.

The most up to date version of MS Office prevents macros from running automatically, and this is because macros have long been identified as a major malware risk. However, older versions of MS Office still run macros automatically, and this puts the PC running it at risk of being compromised. Legacy software, such as outdated versions of MS Office, comes with a number of risks and drawbacks, but budgetary constraints mean many businesses are unable to update.

Malicious MS Office Macro Clusters

A macro is a mini program which is designed to be executed within a Microsoft application and complete a routine task. So, for example, rather than taking 17 clicks through the Microsoft Word menu to execute a mail merge, you can use a single click of a macro to automate this process. Problems arise, however, when a macro is used to complete a damaging process, such as downloading or executing malware. And this is exactly what Cisco Talos has found within a cluster of malicious macros.

Several documents have been discovered which contain malware-infected macros, and they all have the potential to download malware such as PhantomCore, Havoc and Brute Ratel. Of note is that all of the macros detected so far appear to have been designed with the MacroPack framework, typically used for creating ‘red team exercises’ to simulate cybersecurity threats. Cisco Talos also discovered that the macros contained several lines of harmless code, this was most likely to lull users into a false sense of security.

Cisco Talos has been unable to point the finger of blame at any specific threat actor. It’s also possible that these macros were originally designed as a part of a legitimate cybersecurity exercise. Regardless of the origins of these macros, the fact remains that they have the potential to expose older versions of MS office to dangerous strains of malware.

Protect Your Systems from Malicious Macros

The dangers of malicious macros require you to remain vigilant about their threat. Clearly, with this specific threat, the simplest way to protect your IT systems is to upgrade to the latest version of MS Office. This will enable you to block the automatic running of macros and buy you some thinking time when you encounter a potentially malicious macro. As well as this measure, you should also ensure you’re following these best practices:

  • Always Verify Email Attachments: a common delivery method for malicious macros is through attachments included with phishing emails. This is why it’s crucial that you avoid opening macros in documents which have been received from unknown sources. As with all emails, it’s paramount that you verify the sender before interacting with any attachments.
  • Install All Security Updates: almost all software is regularly updated with security patches to prevent newly discovered vulnerabilities from being exploited. Macros are often used to facilitate the exploitation of software vulnerabilities, so it pays to be conscientious and install any security updates as soon as they’re available.
  • Use Anti-Malware Software: security suites, such as AVG, perform regular, automated scans of your PCs to identify any potential malware infections. In particular, many of these security suites target malicious macros, so they make a useful addition to your arsenal when targeting the threat of macros.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More