On Thursday, February 6, hackers somehow uploaded a pirate-themed survival game called PirateFi onto Steam under the developer name Seaworth Interactive. The game contained malware designed to steal the user’s browser cookies. PirateFi had been up for at least a week before Valve took it down from its storefront and notified users that their PCs may be at risk.
The Steam page for PirateFi has been taken down, but you can still find some screenshots online. According to SteamDB, 800 to 1,500 people may have downloaded the free-to-play game before it was delisted. One user even pointed out that the screenshots and video used to promote the game were actually taken from an existing survival game called Easy Survival RPG.
PCMag, which originally reported on the game, said that some users’ anti-virus software flagged the game before running it as “Trojan.Win32.Lazzzy.gen,” a type of malware that attempts to steal browser cookies. With that information, hackers could access the users’ various online accounts.
PCMag also reported that someone representing PirateFi was posting job offers for an “in-game chat moderator” for $17, which had been circulating on Telegram. One reader told PCMag that they suspected they were talking to a chatbot based on the speed of the replies and its assistance and that they should download the malware-infected game.
After taking down the game, Valve sent users who played PirateFi a message saying that the “Steam account of the developer for this game uploaded builds to Steam that contained suspected malware.”
Valve recommends that users who downloaded PirateFe run a full system scan with anti-virus software and check for auspicious or newly installed software on their PPCs. As a last resort, Valve also recommends that users consider reinstalling Windows to completely rid their system of any potential malware.
This is the only game by “developer” Seaworth Interactive; aside from the now-taken-down Steam page, the developer had no website or social media presence, which should have already set off alarm bells for anyone paying attention.
We contacted Valve for comment but have not heard back. The big question remains: How was a game loaded with malware released onto Steam? More importantly, what is Valve’s plan to prevent something like this from happening again?
