Malware-Infected Game Surfaces on Steam
On February 6, an unexpected incident unfolded in the gaming community as hackers successfully uploaded a pirate-themed survival game titled PirateFi onto the Steam platform, attributed to the developer Seaworth Interactive. This seemingly innocuous title harbored malware specifically designed to pilfer users’ browser cookies, raising significant concerns about cybersecurity within the gaming ecosystem.
Despite being available for download for at least a week, PirateFi was only removed from Steam after Valve became aware of the situation and alerted users regarding potential risks to their PCs. Prior to its delisting, estimates suggest that between 800 and 1,500 individuals may have downloaded the game, drawn in by its free-to-play model.
Interestingly, the promotional materials for PirateFi, including screenshots and videos, were reportedly lifted from an existing survival game known as Easy Survival RPG. This raises questions about the authenticity and intentions behind the game’s release.
Reports from PCMag indicated that some users’ antivirus programs flagged PirateFi as “Trojan.Win32.Lazzzy.gen,” a malware variant notorious for attempting to extract browser cookies. Such access could potentially compromise users’ online accounts, making the situation all the more alarming.
Further complicating matters, a representative for PirateFi was found posting job offers for an “in-game chat moderator” at a rate of on Telegram. One user speculated that they were interacting with a chatbot, given the rapidity of the responses, which included encouragement to download the malware-laden game.
In the aftermath of the game’s removal, Valve reached out to players who had engaged with PirateFi, informing them that the developer’s Steam account had uploaded builds containing suspected malware. Valve has since advised affected users to conduct thorough system scans with antivirus software and to scrutinize their PCs for any suspicious or newly installed applications. As a precautionary measure, the company even suggested that users consider reinstalling Windows to eliminate any lingering threats.
Notably, Seaworth Interactive had no prior history, with PirateFi being its sole offering. The absence of a dedicated website or social media presence for the developer should have raised red flags among potential players.
As inquiries into this incident continue, the pressing question remains: how did a game embedded with malware manage to infiltrate the Steam platform? Furthermore, what measures will Valve implement to safeguard against similar occurrences in the future?
