The game Chemistry, a survival title in early access on Steam, hides a far more vicious trap than nasty virtual creatures. According to cybersecurity researchers at PRODAFT, this game served as a vector for several pieces of malware, injected into its files by a threat actor known under the pseudonym EncryptHub (or Larva-208). The attack is said to have been launched on July 22.
A game transformed into a Trojan horse
The operating mode is as simple as it is effective: a malicious program, a trojan downloader, is executed when the game is launched, in parallel with the real content. This file adds a persistent entry point to the victim's computer and allows the attacker to install other malware such as Vidar, HijackLoader and Fickle Stealer.
Vidar is an information stealer sold as a service; it is able to recover personal information from popular platforms, including Steam. HijackLoader, for its part, serves as a relay to load other malware such as RedLine or DanaBot. As for Fickle Stealer, it uses PowerShell to bypass Windows protections and empty cryptocurrency wallets, recover passwords saved in browsers or siphon off sensitive files.
The origin of the game in question remains nebulous. Developed by an unknown studio called Aether Forge Studios, Chemistry has no official site, and its screenshots on Steam show neither characters nor gameplay. It was only accessible on request, a detail that leaves great uncertainty about the number of victims.
The Chemistry case is not an isolated one. In February, PirateFi, another game hosted on Steam, turned out to be a vector of infection. The attacker had used it to recruit moderators via Telegram before distributing a trojanized executable. The following month, Sniper: Phantom's Resolution also served to spread malware, this time via an external site linked to the game's Steam page.
With more than 100 million active users each month, Steam represents a prime target for cybercriminals. And despite the security measures implemented by Valve, some malicious files still manage to slip through the net.
PRODAFT researchers warn against this new infiltration method. "When a user downloads and launches the game, the malware runs at the same time as the legitimate application," they explain. A formidably discreet mechanism. And an efficient one!
To limit the risks, it is better to remain vigilant. Avoid downloading games or files offered by strangers, even if they seem to come from a friend: their account could have been compromised. If in doubt, contact them via another channel. Finally, an up-to-date antivirus solution remains essential, especially if you regularly install games in early access or from little-known studios.