Earlier this month, researchers discovered that a free-to-play game called PirateFi was distributing the Vidar information-stealing malware to users on gaming platform Steam. From Feb. 6-12, as many as 1,500 users downloaded the game before Steam removed it from the platform.
The situation should be a wake-up call for all gamers.
What Is PirateFi?
PirateFi is an immersive survival game involving gathering food and supplies, crafting tools and weapons, and building bases. The game can be played in single-player and multiplayer modes. It received a 9/10 rating and several glowing reviews.
While ratings and comments can be fabricated to boost engagement, it looked like PirateFi was on its way to becoming a major hit among gamers, as several people downloaded the game in the short time it was on Steam’s marketplace.
However, gamers were about to find out that PirateFi wasn’t the only thing they downloaded. Users started receiving messages on Telegram about an in-game chat moderator job that paid $17 an hour. The idea of getting paid to play and interact in the game — something they probably would’ve done for free — sounded too good to be true. One user in particular found this to be suspicious and did some digging.
First, he noticed the cadence of the messages. He saw that the replies from the “developer” were sent precisely 21 seconds after the previous message. If you’re not paying attention, you will probably miss that detail. However, message replies that are all evenly spaced are clear indicators of a fake and automated account — and you’re more than likely talking to a chatbot.
And that’s precisely what was happening: The chat moderator job didn’t exist.
The AI chatbot offered gamers the role to get them to download and install the game. So why lie about a job? Was it a malicious marketing ploy to boost their download numbers and popularity on Steam? Or was it something more sinister like social engineering or a phishing attack to steal user information or worse?
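The fixed 21-second reply gap described above can be checked mechanically. The following is an added example, not code from the original article: it measures how long a responder takes to answer each message and flags near-constant delays. The chat logs, sender names, and thresholds are constructed assumptions.

```python
from datetime import datetime
from statistics import mean, pstdev

# Constructed chat logs (timestamp, sender); not real messages from the incident.
BOT_CHAT = [
    ("2000-01-01T14:00:00", "user"), ("2000-01-01T14:00:21", "developer"),
    ("2000-01-01T14:01:10", "user"), ("2000-01-01T14:01:31", "developer"),
    ("2000-01-01T14:03:02", "user"), ("2000-01-01T14:03:23", "developer"),
    ("2000-01-01T14:03:50", "user"), ("2000-01-01T14:04:11", "developer"),
]
HUMAN_CHAT = [
    ("2000-01-01T15:00:00", "user"), ("2000-01-01T15:00:09", "developer"),
    ("2000-01-01T15:01:00", "user"), ("2000-01-01T15:02:15", "developer"),
    ("2000-01-01T15:03:00", "user"), ("2000-01-01T15:03:31", "developer"),
    ("2000-01-01T15:05:00", "user"), ("2000-01-01T15:05:12", "developer"),
]

def reply_delays(chat, responder):
    """Seconds between the latest message from anyone else and the responder's reply."""
    delays, pending = [], None
    for stamp, sender in chat:
        when = datetime.fromisoformat(stamp)
        if sender != responder:
            pending = when              # message the responder will answer
        elif pending is not None:
            delays.append((when - pending).total_seconds())
            pending = None              # count only the first reply
    return delays

def looks_automated(delays, min_replies=4, max_cv=0.05):
    """True when reply delays barely vary (coefficient of variation <= max_cv).

    min_replies and max_cv are assumed thresholds; too few replies prove nothing.
    """
    if len(delays) < min_replies:
        return False
    average = mean(delays)
    return average > 0 and pstdev(delays) / average <= max_cv

if __name__ == "__main__":
    for label, chat in (("bot-like", BOT_CHAT), ("human-like", HUMAN_CHAT)):
        delays = reply_delays(chat, "developer")
        print(label, delays, "automated:", looks_automated(delays))
```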
A Dangerous Game
While users were starting to catch on that something was “fishy” about the chat moderator job, another user found out that it wasn’t the job that was the issue. It was the game itself.
This message on the Steam Games forum that we translated with Google shows that a user tried to install the game, but his antivirus software blocked it from being downloaded because it contained a file known as “Trojan.Win32.Lazzy.gen.”
After some review, it appeared that the “game” included other software that was deployed once PirateFi was installed and launched. A file called Howard.exe would be added to the user’s /AppData/Temp/****/ directory with a parameter called /VERYSILENT.
This means the action would happen in the background, and the status would not be displayed. It appears that PirateFi was distributing malware. So, what exactly is malware?
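A defender can look for the behavior described above in process-creation logs. The following is an added example, not code from the original article or from the researchers: it flags executables started from a user Temp directory with a silent-install switch. The events are constructed, the field names follow Sysmon's process-creation event, and the folder names and the extra /SILENT switch are assumptions.

```python
import re
from pathlib import PureWindowsPath

# /VERYSILENT is the switch named in the article; /SILENT is added here
# as an assumption to widen the check.
SILENT_SWITCHES = {"/verysilent", "/silent"}

# Constructed process-creation events (Sysmon-style field names).
# The "a1b2" folder stands in for the masked directory in the article.
EVENTS = [
    {"ParentImage": r"C:\Program Files (x86)\Steam\steamapps\common\ExampleGame\Game.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\a1b2\Howard.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\Temp\a1b2\Howard.exe" /VERYSILENT'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Users\alice\Downloads\tool-setup.exe",
     "CommandLine": r'"C:\Users\alice\Downloads\tool-setup.exe" /VERYSILENT'},
    {"ParentImage": r"C:\Program Files\ExampleApp\app.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\upd\updater.exe",
     "CommandLine": r'"C:\Users\alice\AppData\Local\Temp\upd\updater.exe" --check'},
]

def in_user_temp(image):
    """True if the executable sits in a Temp folder below a user's AppData."""
    folders = [p.lower() for p in PureWindowsPath(image).parts[:-1]]
    return "appdata" in folders and "temp" in folders[folders.index("appdata"):]

def silent_switches(cmdline):
    """Return the silent-install switches present on the command line."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    return sorted({t.lower() for t in tokens} & SILENT_SWITCHES)

def flag_events(events):
    """List (child, parent, switches) for Temp executables run silently."""
    hits = []
    for ev in events:
        switches = silent_switches(ev["CommandLine"])
        if in_user_temp(ev["Image"]) and switches:
            hits.append((PureWindowsPath(ev["Image"]).name,
                         PureWindowsPath(ev["ParentImage"]).name, switches))
    return hits

if __name__ == "__main__":
    for child, parent, switches in flag_events(EVENTS):
        print(f"{parent} started {child} from Temp with {switches}")
```

Legitimate updaters also run silently from Temp at times, so a hit is a lead to investigate alongside the parent process, not a verdict.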
What Is Malware?
Malware is any kind of software designed to harm your computer or steal your information. Think of it like a digital virus. It can do all sorts of nasty things — from slowing down your computer, to stealing your passwords, and even giving hackers control over your entire system.
In the case of “PirateFi,” the malware was designed to steal passwords. After reviewing the malware, SECUINFRA identified the malware as a version of the Vidar infostealer and posted this message on social media:
“If you are one of the players who downloaded this “game”: Consider the credentials, session cookies, and secrets saved in your browser, email client, cryptocurrency wallets etc. compromised.”
If you played the game, the login details for your email, social media, banking, or any other online account you log into could have been compromised. Imagine the damage someone could do with that information.
For more information about malware and the different types, check out this article.
What to Do if You Installed PirateFi
This incident highlights several critical points. First, ordinary social engineering techniques succeed more often than they fail, and with AI, attackers’ chances of success increase significantly. As a result, users must be more aware of online scams and phishing attacks.
Also, just because something is on a platform like Steam doesn’t automatically mean it’s safe or should be trusted. Unfortunately, bad actors can sometimes find ways to sneak malicious software into even seemingly reputable places.
Several affected users posted warnings on PirateFi’s Steam Community page, telling everyone to stay away from the game because it contains malware. In addition, Steam posted a message confirming the game contained malware and encouraged users to do a “full-system scan.”
If you downloaded “PirateFi,” here’s what you must immediately do:
- Uninstall the game: Get it off your system right away.
- Run a full system scan with your antivirus software: This will help detect and remove any remaining malware. If you don’t have antivirus software, get it now! It’s essential.
- Change your passwords: Change the passwords for all your important online accounts, especially email, banking, and social media. Use strong, unique passwords for each account.
- Monitor your accounts: Keep a close eye on your online accounts for suspicious activity. Look for unauthorized logins, strange emails, or anything else out of the ordinary.
Tips for Staying Safe
In addition to what you need to do to protect yourself immediately, here’s how to protect yourself in the future:
- Be cautious with free software: Free doesn’t always mean good. Pay close attention to any free software, especially from unknown developers. Do your research before installing anything.
- Keep your software updated: Install updates and patches on your operating system, web browser, and antivirus software. Updates often contain crucial security patches.
- Use strong passwords: Use unique and strong passwords for every account. A password manager can help with this.
- Don’t click on suspicious links: Be wary of links and QR codes in emails, messages, or websites.
- Stay informed: Keep up-to-date with the latest cybersecurity news and threats.
Verify the Legitimacy of Games
The “PirateFi” situation is a reminder that malicious actors are always looking to steal data — even in the spaces you’d least suspect — and that online security is everyone’s responsibility. You should always verify the legitimacy of a game before downloading and installing it.
To verify new or lesser-known games on platforms like Steam or Epic:
- Research the developer.
- Evaluate the game’s presentation.
- Check community feedback.
- Look out for red flags like inconsistent info or unrealistic promises.
- Trust your instincts.
By taking these precautions, you can significantly reduce your risk of falling victim to malware and enjoy your favorite activities, like playing video games.