Hacker sneaks infostealer malware into early access Steam game

Gandalf_The_Grey

A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title.

A few days ago, the hacker (also tracked as Larva-208) injected malicious binaries into the Chemia game files hosted on Steam.

Chemia is a survival crafting game from developer ‘Aether Forge Studios,’ which is currently offered as early access on Steam but has no public release date.

According to threat intelligence company Prodaft, the initial compromise occurred on July 22, when EncryptHub added the HijackLoader malware (CVKRUTNP.exe) to the game files. The loader establishes persistence on the victim device and downloads the Vidar infostealer (v9d9d.exe).

The researchers found that the malware retrieved the command-and-control (C2) address from a Telegram channel.

The second piece of malware was Fickle Stealer, added to Chemia just three hours later through a DLL file (cclib.dll). The file uses PowerShell (‘worker.ps1’) to fetch the main payload from soft-gets[.]com.

This is the third case of malware slipping into Steam this year. The previous ones were ‘Sniper: Phantom’s Resolution’ in March, and ‘PirateFi’ in February.

In all three cases, the titles were early access games and not stable releases, which may indicate more lax reviewing procedures from Steam on such titles. That said, caution is advised when downloading “work-in-progress” titles.
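As an added defender-side check, not part of the original post or of Prodaft's research: a Python script that walks a game install directory and flags the file names and download domain reported above, run here over a constructed sample tree. It assumes the reported file names are exact and uses the refanged form of soft-gets[.]com; a file-name match alone is a weak signal, so hits are leads for triage rather than verdicts.

```python
import re
import tempfile
from pathlib import Path

# File names reported in the article (assumed to be exact as reported).
IOC_FILENAMES = {"cvkrutnp.exe", "v9d9d.exe", "cclib.dll", "worker.ps1"}
# Refanged form of the download domain soft-gets[.]com named in the article.
IOC_DOMAIN_RE = re.compile(r"soft-gets\.com", re.IGNORECASE)


def scan_game_dir(root):
    """Walk a game install tree and return sorted (relative_path, reason) hits.

    Two checks: a file-name match against the reported names, and a content
    scan of every PowerShell script for the reported download domain.
    """
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.name.lower() in IOC_FILENAMES:
            hits.append((rel, "ioc-filename"))
        if path.suffix.lower() == ".ps1":
            try:
                text = path.read_text(errors="replace")
            except OSError:
                continue  # unreadable script: skip rather than crash the scan
            if IOC_DOMAIN_RE.search(text):
                hits.append((rel, "ioc-domain-in-script"))
    return sorted(hits)


def build_sample_dir():
    """Constructed sample install tree: benign files plus the reported names."""
    root = Path(tempfile.mkdtemp())
    (root / "Chemia.exe").write_bytes(b"MZ constructed benign game binary")
    (root / "data").mkdir()
    (root / "data" / "CVKRUTNP.exe").write_bytes(b"MZ constructed stand-in")
    (root / "cclib.dll").write_bytes(b"MZ constructed stand-in")
    (root / "worker.ps1").write_text("# constructed\n$u = 'https://soft-gets.com/payload'\n")
    (root / "setup.ps1").write_text("# constructed benign script\nWrite-Host 'ok'\n")
    return root


if __name__ == "__main__":
    for rel, reason in scan_game_dir(build_sample_dir()):
        print(f"{reason:22} {rel}")
```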