Steam's PirateFi game infected 1,500+ users with Vidar malware, targeting crypto data. Immediate password reset & OS reinstall advised. Details inside

Continue reading
Steam, the world’s largest PC gaming platform, is scrambling to contain fallout after a malicious free-to-play game, PirateFi, was found distributing the notorious Vidar infostealer malware to unsuspecting users. The incident highlights alarming gaps in digital storefront security and underscores the growing sophistication of threat actors targeting gaming communities.
Disguised as a charming survival game featuring pirate-themed base-building and crafting mechanics, PirateFi was uploaded to Steam on February 6 by a developer account named Seaworth Interactive. The game amassed positive reviews during its brief tenure, with players praising its “low-poly aesthetic” and “addictive gameplay.” However, behind the innocuous facade lurked a dangerous payload.
Steam removed PirateFi on February 12 after detecting malware in its build files. The platform has since issued urgent warnings to ~1,500 potentially impacted users, advising them to “consider reinstalling Windows” and perform full antivirus scans. Affected players reported antivirus alerts upon launching the game, with traces of malicious activity traced to a file named `Pirate.exe`.
According to malware analyst Marius Genheimer of SECUINFRA Falcon Team, the attack leveraged a multi-stage deployment process:
_“The threat actor clearly targeted users interested in blockchain or crypto,”_ Genheimer stated, pointing to PirateFi’s branding as a deliberate lure for victims with high-value digital assets.
While Steam’s notification urged users to wipe their OS and reset passwords, critics argue the platform’s safeguards remain inadequate. Despite 2023 updates like SMS-based verification for developer accounts, attackers still infiltrated the storefront.
_“This incident reveals systemic flaws,”_ said cybersecurity researcher Emily Parker. _“Steam must implement stricter vetting for new developers and real-time malware analysis for uploads.”_
SECUINFRA warns that Vidar’s data theft capabilities leave victims vulnerable to:
Recommended Mitigations:
This isn’t Steam’s first malware incident. In 2023, malicious Dota 2 mods exploited a Chrome zero-day to execute remote code, while compromised Slay the Spire mods delivered the Epsilon infostealer. Despite Steam’s dominance, its open modding ecosystem and developer accessibility make it a ripe target for threat actors.
The PirateFi incident underscores critical challenges for digital platforms:
As Steam investigates how Seaworth Interactive bypassed safeguards, users are reminded: Free games often come at a hidden cost.
Update (February 15): Steam has temporarily suspended all new game submissions for review. The PirateFi developer account remains banned, and Valve is coordinating with law enforcement.
For technical indicators of compromise (IOCs) and YARA rules, visit SECUINFRA’s advisory [here].
— Reported in collaboration with BleepingComputer and SteamDB.

Chinese-speaking TA4922 expands into Europe, deploying new Atlas RAT malware in phishing campaigns targeting organizations across sectors.