Researchers Uncover Cryptocurrency Key Thief in Steam Game

Malefactors exploited a game on the Steam platform to disseminate the Vidar malware, capable of extracting critical data from a victim’s computer, including cryptocurrency wallet keys. This was reported by TechCrunch, citing SECUINFRA experts.

The application, now removed from Steam, was a modified version of the Easy Survival RPG game template. According to SECUINFRA analyst Marius Genheimer, PirateFi was initially conceived solely as a carrier for malicious code, and with a ready-made kit, hackers quickly crafted a plausible “pirate RPG” facade.

The organizers showed particular interest in the Web3 audience, styling the project’s name and account address on X to resemble the DeFi segment, and also promised to release their own token on Solana.

According to an archived copy of the game’s page, the description on Steam made no mention of any Web3 elements. In 2021, Valve, the operating company, banned applications using blockchain or directly incorporating NFTs from the platform.

Following the discovery and removal of the application, the Steam team notified users of the incident and recommended they scan their devices with antivirus software.

SECUINFRA noted that Vidar is capable of stealing and transmitting a set of sensitive data from an infected computer to the operator: information about cryptocurrency wallets, passwords from the browser’s autofill database, cookies, browsing history, screenshots, two-factor authentication codes, and other files.

Experts analyzed the structure of the virus-related control servers and concluded that the game was merely an element of a broader strategy for mass virus distribution.

According to Genheimer, Vidar is a popular malware that can be easily purchased, significantly complicating the search for the perpetrators.

Earlier, analysts at Merkle Science described the main tactics of crypto fraudsters in 2024.