Malicious Code Found Embedded in Steam Downloads

anti-malware_software, malware, Ophtek, PirateFi, security, Steam, vidar, , , , ,
18
Mar 2025

A malicious game on Steam called PirateFi was found to contain malware which steals personal information, highlighting the risks of unverified downloads.

A recent attack involving a game on Steam has highlighted the importance of vigilance when downloading software. The game, called PirateFi, was available to download on Steam – an online platform for buying and playing games – but contained malware designed to steal personal data from players’ computers.

Pirates Strike Gold on Infected Systems

PirateFi – which was a free to play game – was developed by Seaworth Interactive and available on Steam from February 6th to February 12th, 2025. Promising an engaging and challenging survival experience, setting players objectives such as base building, food gathering, and making weapons, PirateFi was downloaded by around 1500 players and generated numerous positive reviews.

However, it was soon discovered that PirateFi was not simply a game meant to excite players and take their minds off the real world. Reports soon emerged that the game contained malware known as Vidar, a data-stealing program. Vidar is designed to harvest sensitive data from infected computers, so this could easily include passwords, financial information, and personal documents. Rather than Vidar being bundled with PirateFi as bloatware, Vidar was embedded within the game’s files, allowing it to be launched when the game was started.

Valve, the company behind Steam, quickly removed PirateFi from their platform on February 12th, when the threat was identified. They were also swift in issuing security notifications to those who had downloaded the game. Valve’s advice was, for those who had downloaded PirateFi, to run a full system scan using up-to-date antimalware software to detect and remove any dangerous files. Alternatively, Valve suggested that those at risk fully reinstalled their operation system to ensure Vidar was completely removed.

Staying Safe from Dangerous Downloads

This attack underlines the ingenuity and evolving tactics of threat actors, who are increasingly targeting popular platforms like Steam and GitHub to distribute their malware.

By disguising their malware as legitimate tools on these platforms, the threat actors are exploiting the trust users place in these websites. For a threat actor, this is fantastic as it opens up their attack to a huge audience. However, for a user it’s highly frustrating and dangerous. Accordingly, you need to practice the following to remain safe:

  • Be Cautious with Unverified Software: Before downloading and installing new software, especially from lesser-known sources, always take the time to research the application. Seek out reviews from reputable sources and check for any reports of malicious activity relating to the software.
  • Keep Your Security Software Updated: Ensure that your antivirus and anti-malware programs are always up to date. Regularly scan your system for potential threats, particularly after installing new applications. Updated security software can detect, quarantine and delete the latest malware threats before they can take hold of your system.
  • Monitor for Unusual Activity: Always be mindful of any suspicious activity on your networks, such as unusual drops in performance, unfamiliar programs executing, or unauthorized access to your accounts. If you notice signs such as these, there’s a chance that your network has been breached.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Vidar and GandCrab Combine for a Double Attack

Ophtek, Security, Security Threats, vidar, , , , ,
05
Feb 2019

One set of malware is bad enough for most organizations to deal with, but what should they do when they’re hit with two sets at once?

Hackers are constantly trying to breach the defenses of PC users, but it’s not easy for them to succeed. Defenses are constantly improving and PC users are becoming more technically minded when it comes to hacking. Attacks, therefore, need to be cleverer and more aggressive for hackers to succeed. And one of the newest threats to PC defenses is a combined attack which teams up multiple forms of malware to pack a devastating punch.

In particular, reports are coming in that hackers are combining the data miner Vidar alongside the GandCrab ransomware to maximize their chances of success. And it’s proving to bear fruit for the hackers, so it’s crucial that you understand the risk.

The Double Whammy of Vidar and GandCrab

The combined attack of Vidar and GandCrab was identified by Malwarebytes Labs who observed that the hack first installs Vidar and then proceeds to strengthen the attack with GandCrab. Using malicious advertising software, the hackers expose users to an exploit kit (usually Fallout) which targets vulnerabilities in specific apps. Once this exploit kit has been executed, Vidar is installed on the infected PC and proceeds to mine user data such as communications, digital wallet info and login details.

This attack is bad enough, but the victim things are about to get worse as Vidar is capable of downloading additional malware. Using a command and control center to receive and transmit data, Vidar will, after a minute of its own installation, download and execute the GandCrab ransomware. It’s true that Ransomware has, to a degree, fallen out of favor with hackers over the last year, but it still has the potential to cause severe disruption for organizations. Encrypting files and then demanding a ransom will stifle the productivity of any organization effected, even if backup copies are available.

Protecting Your Organization from Vidar and GandCrab

It’s clear to see that the two headed attack of Vidar and GandCrab is particularly nasty and one to watch out for. In order to understand how to protect your organization from this threat, you need to understand how this attack is able to take place. As ever, that age old favorite of unpatched software is squarely to blame and, on this occasion, it’s Adobe’s Flash Player and Microsoft’s Internet Explorer.

Anti-malware software is now capable of detecting Vidar when it’s found within your PC, but the easiest option for any organization is to avoid allowing it access in the first place. One of the keenest security practices to adhere to is the installation of software patches as soon as they become available. Sadly, this task is often superseded by more immediate, pressing matters and this grants hackers more time to detect and exploit these vulnerabilities. However, with what is usually just a few clicks of a mouse, protection from potential security threats can be implemented by immediately installing patches.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More