Steam Early Access Game Infected with Infostealer Malware

Summary
– EncryptHub compromised the Steam game ‘Chemia’ to distribute info-stealing malware, including HijackLoader and Vidar infostealer.
– The malware retrieves command-and-control addresses from a Telegram channel and uses PowerShell to fetch additional payloads like Fickle Stealer.
– EncryptHub previously used similar malware in a large-scale campaign targeting over 600 organizations worldwide.
– The malware runs undetected in the background, leaving gamers unaware of the compromise, and the game remains available on Steam without official updates.
– This is the third malware incident on Steam this year, all involving early access games, suggesting lax review processes for such titles.
A recently discovered malware campaign has compromised a Steam Early Access game, secretly distributing dangerous info-stealing software to players. The threat actor, known as EncryptHub, injected malicious code into the game files of Chemia, a survival crafting title developed by Aether Forge Studios.
Security researchers at Prodaft uncovered the attack, tracing the initial compromise to July 22. The hackers embedded HijackLoader, a malware designed to establish persistence on infected devices, followed by Vidar, a notorious info-stealer capable of harvesting sensitive data like passwords, browser cookies, and cryptocurrency wallet details. Just hours later, a second payload, Fickle Stealer, was deployed through a malicious DLL file, further expanding the attack’s reach.
What makes this incident particularly concerning is how the malware operates. Unlike traditional attacks that rely on deceptive downloads, this campaign exploits Steam’s trusted platform, disguising the malicious files as legitimate game components. Players who launch the game unknowingly execute the malware, which runs silently in the background without affecting gameplay, making detection nearly impossible without specialized security tools.
EncryptHub has a history of cybercriminal activity, including large-scale phishing campaigns and zero-day exploits. However, the group has also been linked to responsible vulnerability disclosures, an unusual duality in its operations. Researchers suspect insider involvement, though neither the game’s developers nor Valve, the company that operates Steam, have issued official statements.
As of now, Chemia remains available on Steam, raising concerns about whether the latest version is safe. Given the lack of clarity, players should avoid downloading the game until Valve confirms the threat has been neutralized. This marks the third malware incident on Steam this year, with previous cases involving Sniper: Phantom’s Resolution and PirateFi. All were Early Access titles, suggesting that Steam’s review process for unfinished games may need stricter oversight.
For those concerned about potential exposure, security experts recommend scanning systems for known indicators of compromise and monitoring for unusual activity. Until official updates emerge, vigilance remains the best defense against these stealthy threats.
(Source: BLEEPING COMPUTER)