{"id":21299,"date":"2025-02-19T14:35:26","date_gmt":"2025-02-19T12:35:26","guid":{"rendered":"https:\/\/forklog.com\/en\/researchers-uncover-cryptocurrency-key-thief-in-steam-game\/"},"modified":"2025-02-19T14:35:26","modified_gmt":"2025-02-19T12:35:26","slug":"researchers-uncover-cryptocurrency-key-thief-in-steam-game","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/researchers-uncover-cryptocurrency-key-thief-in-steam-game\/","title":{"rendered":"Researchers Uncover Cryptocurrency Key Thief in Steam Game"},"content":{"rendered":"<p>Malefactors exploited a game on the Steam platform to disseminate the Vidar malware, capable of extracting critical data from a victim&#8217;s computer, including cryptocurrency wallet keys. This was reported by <a href=\"https:\/\/techcrunch.com\/2025\/02\/18\/hackers-planted-a-steam-game-with-malware-to-steal-gamers-passwords\">TechCrunch<\/a>, citing SECUINFRA experts.<\/p>\n<p>The application, now removed from Steam, was a modified version of the Easy Survival RPG game template. According to SECUINFRA analyst Marius Genheimer, PirateFi was initially conceived solely as a carrier for malicious code, and with a ready-made kit, hackers quickly crafted a plausible &#8220;pirate RPG&#8221; facade.<\/p>\n<p>The organizers showed particular interest in the Web3 audience, styling the project&#8217;s name and account address on X to resemble the DeFi segment, and also promised to release their own token on Solana.<\/p>\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXdXoiHmGkVnU0S4J0fDzrg8bIJWW5PlxBPf6o2lKTsfWgNxhdzq05T_TjWUn6yX_0BGhC1w86t2jSwW2K8mgKsEL_gK2Xqp1OrGypgxIxgZ7YmM_2lGYkubdsXl4Me4pOHO7ONa?key=t1uV-i1bYpFkOta3drep-kMC\" alt=\"Researchers Uncover Cryptocurrency Key Thief in Steam Game\" style=\"width:452px;height:auto\"\/><figcaption class=\"wp-element-caption\">Screenshot of messages from the deleted PirateFi account on X. 
Data: TechCrunch.<\/figcaption><\/figure>\n<p>According to an archived copy of the game&#8217;s page, the description on Steam <a href=\"https:\/\/web.archive.org\/web\/20250208024134\/https:\/\/store.steampowered.com\/app\/3476470\/PirateFi\/\">made no mention<\/a> of any Web3 elements. In 2021, Valve, the company that operates Steam, banned applications using blockchain or directly incorporating NFTs from the platform.<\/p>\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXcvbS9S_qUn0sjOH8G9epI6BAeOwhvxFibuxK0gbirA1trouesJC2-oqQu4xxAiI7yYsH0Hesq_QTaW8Uyb6k46OpLjo-bSC6yD5isEyylqk9oUZ9rTZtkodMwnHOh1tQFefMqXCg?key=t1uV-i1bYpFkOta3drep-kMC\" alt=\"Researchers Uncover Cryptocurrency Key Thief in Steam Game\" style=\"width:453px;height:auto\"\/><figcaption class=\"wp-element-caption\">Message from Steam support addressed to PirateFi players. Data: <a href=\"https:\/\/x.com\/SteamDB\/status\/1889610974484705314\/photo\/1\">X<\/a>.<\/figcaption><\/figure>\n<p>Following the discovery and removal of the application, the Steam team notified users of the incident and recommended they scan their devices with antivirus software.<\/p>\n<p>SECUINFRA noted that Vidar is capable of stealing and transmitting a set of sensitive data from an infected computer to the operator: information about cryptocurrency wallets, passwords from the browser&#8217;s autofill database, cookies, browsing history, screenshots, two-factor authentication codes, and other files.<\/p>\n<p>Experts analyzed the structure of the malware&#8217;s control servers and concluded that the game was merely an element of a broader strategy for mass malware distribution.<\/p>\n<p>According to Genheimer, Vidar is popular malware that can be easily purchased, which significantly complicates the search for the perpetrators.<\/p>\n<p>Earlier, analysts at Merkle Science described the main tactics of crypto fraudsters in 
2024.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malefactors exploited a game on the Steam platform to disseminate the Vidar malware, capable of extracting critical data from a victim&#8217;s computer, including cryptocurrency wallet keys. This was reported by TechCrunch, citing SECUINFRA experts. The application, now removed from Steam, was a modified version of the Easy Survival RPG game template. According to SECUINFRA analyst [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":21298,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1111,1246,251],"class_list":["post-21299","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybersecurity","tag-scammers","tag-steam"],"aioseo_notices":[],"amp_enabled":true,"views":"49","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/21299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=21299"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/21299\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/21298"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=21299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\
/categories?post=21299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=21299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}