"PirateFi": Valve removes infected Free2Play game
A Free2Play game smuggled malware to Steam users. Valve has deleted the game from the store – too late for those affected.
The now deleted Steam page of "PirateFi"
(Image: heise online)
Valve has removed a malware-infected Free2Play game from its Steam store. The security firm Kaspersky reported this in a recent blog post. The pirate game "PirateFi" was removed from the store last week after a user informed Valve that malware had been found.
A screenshot of the unofficial Steam tracker SteamDB shows an email that Valve subsequently sent to players of "PirateFi". According to this, certain builds of "PirateFi" were infected with the malware. "You played 'PirateFi' on Steam while these builds were active," Valve writes in the email. "Therefore, it is likely that these malicious files were launched on your computer."
Access to login information
Valve recommends that affected users run a system scan with antivirus software. It may also be useful to format the system. According to Kaspersky, its own antivirus software has identified the malware in "PirateFi" as Trojan.Win32.Lazzzy.gen. The malware had hidden itself in the file "Howard.exe" and was programmed to unpack itself into the Temp folder in the AppData directory. From there, it could steal browser cookies and use them to gain access to the accounts of affected users. According to Kaspersky, several posts in the Steam forums show cases in which attackers were actually able to gain access to the accounts of "PirateFi" players. However, the original forum posts are no longer available.
Videos by heise
It is unclear how many people played "PirateFi". "PirateFi" was not a particularly popular game; the website Vginsights estimates that the game was downloaded around 1500 times. Gamalytic estimates the number of downloads at 860, while the SteamDB tracker shows that "PirateFi" was played by a maximum of five people at the same time. In any case, the number of users affected is likely to be very low. The development studio behind the game is unknown.
The case is more interesting because it shows that Valve's own security system has loopholes. According to Kaspersky, the last known case of a game spreading malware on Steam was almost ten years ago: back then, "Dynostopia" was released as a beta on Steam's "Greenlight" platform, which has since been discontinued. The game was able to download malware from external sources in order to gain control over users' systems.
(dahe)
