An upcoming Steam game is possibly just a malware-spreading Trojan.
Cybersecurity vendor Prodaft has uncovered evidence that an early access game on Steam called Chemia has been updating itself to deliver “multiple malware families.”
As BleepingComputer reports, the finding appears to be the third case of malware leveraging Valve’s Steam store. However, Chemia is only available to Steam users who request to try it, making it unclear if any consumers ever installed it.
It appears Prodaft uncovered the malware because it’s been tracking a hacking group called Larva-208, also known as EncryptHub. “When users download and launch the game, the malware executes alongside the legitimate application. LARVA-208 uses this method to deliver two main payloads: Fickle Stealer and HijackLoader,” the cybersecurity vendor said on a GitHub page that lists the indicators of compromise.
Chemia comes from a new and mysterious developer called Aether Forge Studios, which doesn’t appear to have a public website. The developer describes the title as a “survival crafting game,” but the screenshots merely show basic backgrounds, with no characters or gameplay.
According to BleepingComputer, Prodaft suspects that Larva-208 added the malicious component to the game on July 22 by including CVKRUTNP.exe, which functions as the HijackLoader malware. CVKRUTNP.exe will also download the Vidar infostealing malware.
Valve didn’t immediately respond to a request for comment. In February, a separate free game called PirateFi was hosted on Steam to deliver Windows-based malware. To circulate the game, the hacker used the Telegram messaging app to recruit users interested in being moderators for the title. It’s unclear how it evaded Valve’s safeguards, but the company did warn affected users.
In March, another upcoming game on Steam called Sniper: Phantom’s Resolution was also exploited to deliver malware. But in this case, the hacker created a fake website to hijack the game’s external domain, which was featured on its Steam page, to circulate the malware.
About Michael Kan
Senior Reporter
