A free-to-play video game on Steam named 'PirateFi' has been unmasked as a malicious scheme to distribute the notorious Vidar info-stealer malware, prompting Valve to urgently remove the title and warn players that their computers—and sensitive data—may be compromised.  

According to a report by TechCrunch, security researchers revealed the game was a modified version of an existing template, designed solely to trick gamers into installing malware capable of stealing passwords, browser cookies, cryptocurrency wallets, and even two-factor codes.  

A wolf in game's clothing  

Last week, Valve pulled 'PirateFi' from Steam after discovering it contained malware. Researchers, including Marius Genheimer of the Secuinfra Falcon Team, a group dedicated to digital forensics, analysed the malicious code and identified it as Vidar, a widely used infostealer.  

"We suspect that 'PirateFi' was just one of multiple tactics used to distribute Vidar payloads en masse," Genheimer told TechCrunch, as per the report. "It is highly likely that it never was a legitimate, running game that was altered after first publication."

The hackers behind 'PirateFi' didn't start from scratch. Instead, they modified an existing game template called 'Easy Survival RPG', a $399-$1,099 tool that simplifies game development. This allowed them to quickly ship a seemingly functional game—complete with multiplayer features and a low-poly aesthetic—while embedding Vidar malware under the hood.  

But the scheme didn't stop at Steam. According to reports from TechCrunch and PCMag, users also flagged a shady job offer on Telegram promising $17 an hour to moderate PirateFi's in-game chat. The poster, active in US-frequented channels, turned out to be an AI bot. "Replies were eerily consistent—always 21 seconds," the source said. "It was bait to get people to download the game and infect their devices."  

What Vidar steals—and why it's dangerous  

As per the TechCrunch report, Vidar is no ordinary malware. Once installed, it can exfiltrate a treasure trove of sensitive data, including:  

• Passwords saved in browser autofill  
• Session cookies, enabling hackers to hijack accounts without needing passwords  
• Browser history and cryptocurrency wallet details  
• Screenshots and two-factor codes from token generators  
• Other files stored on the victim's computer  

This makes Vidar a potent tool for cybercriminals. TechCrunch says that this malware has been linked to high-profile campaigns, including attacks targeting Booking.com hotel credentials, ransomware deployments, and even malicious Google ads. According to the Health Sector Cybersecurity Coordination Center (HC3), Vidar has become "one of the most successful info-stealers" since its discovery in 2018.  

Vidar's widespread adoption is partly due to its availability as malware-as-a-service (MaaS), a model that lets even low-skilled hackers rent or purchase the tool, suggests the report. This makes tracing the culprits behind 'PirateFi' "very difficult," Genheimer explained, as Vidar is "widely adopted by many cybercriminals."  

Valve's warning to gamers  

After removing 'PirateFi', Valve notified affected users via email: "The developer uploaded builds containing suspected malware… It is likely these files launched on your computer." The company urged players to run antivirus scans, inspect their systems for suspicious software, and even consider fully reformatting their operating systems to ensure no traces of the malware remain.  

While Valve hasn't detailed the malware's mechanics, experts warn that stolen cookies let attackers bypass two-factor authentication, turning browser data into a skeleton key for accounts. Gaming platforms are ripe targets: Steam and popular titles often have deep system access, making them ideal vectors for infostealers. In 2023, hackers exploited an old 'Call of Duty' game to spread self-replicating malware, and in 2024, EA postponed an 'Apex Legends' tournament after a brazen hack hijacked players' PCs mid-match, as per TechCrunch reports. 

Gamers left in the crosshairs  

With 51 reviews averaging a suspicious 9/10 before its removal, PirateFi's reach remains unclear. Archived pages show the game was in beta, possibly limiting downloads—but those who took the bait now face sleepless nights. Valve's terse advisory offers little solace, leaving players to wonder: did hackers already plunder their digital lives?  

Regarding the incident, one Reddit user grimly concluded: "If it's too good to be true, it's probably malware." For gamers, PirateFi's sinking ship is a stark reminder: even trusted platforms aren't safe from pirates lurking in the code.