
Cybercriminals used a game on the Steam platform to spread the Vidar malware, capable of stealing crucial data from victims’ computers, including cryptocurrency wallet keys. This was reported by TechCrunch, citing experts from SECUINFRA.
The application, PirateFi, which has already been removed from Steam, was a modified version of the Easy Survival RPG game template. According to SECUINFRA analyst Marius Genheimer, PirateFi was designed from the start solely as a carrier for malicious code, and the ready-made template let the hackers quickly create a convincing “pirate RPG” wrapper.
The perpetrators showed particular interest in the Web3 audience, styling the project’s name and account address on X in a way that appealed to the DeFi segment, while promising to release their own token on Solana.

An archived copy of the game’s page on Steam showed that no Web3 elements were mentioned in the description. In 2021, Valve, the company that operates Steam, banned applications that use blockchain or directly integrate NFTs from being listed on the platform.

After the discovery and removal of the application, the Steam team notified users of the incident and recommended they check their devices with antivirus software.
SECUINFRA noted that Vidar is capable of stealing and transmitting sensitive data from an infected computer, such as cryptocurrency wallet information, browser autofill passwords, cookies, browsing history, screenshots, two-factor authentication codes, and other files.
Specialists analyzed the structure of the control servers associated with the malware and concluded that the game was only one part of a strategy to spread it on a large scale.
According to Genheimer, Vidar is a popular piece of malware that can easily be purchased, which makes it much harder to track down the perpetrators.
Earlier, Merkle Science analysts described the main tactics of crypto fraudsters in 2024.