OceanVertical

Infostealer Malware Hidden in Steam Early Access Game

  • cypac1
  • Jul 29



What happens when a game meant to entertain ends up betraying your trust and your data?

A survival-crafting Steam title turned out to be the delivery vehicle for not one, not two, but three strains of infostealer malware. Gamers, beware: trust can be a double-edged sword.

A threat actor tracked as EncryptHub (aka Larva-208) slipped malicious binaries into Chemia, a Steam Early Access game from "Aether Forge Studios" that has not had a full public release. Starting on July 22, 2025, EncryptHub embedded:

  • HijackLoader (CVKRUTNP.exe), which establishes persistence and downloads additional malware

  • Vidar infostealer (v9d9d.exe)

  • Fickle Stealer, delivered about three hours later as a DLL (cclib.dll) loaded through PowerShell, which collects browser credentials, cookies, crypto-wallet data and auto-fill information.

Steam's Early Access and play-test features carried the malware to unsuspecting players, potentially hundreds of them, on the strength of platform trust rather than typical phishing tricks. The download arrived through Steam's own client, so the usual "don't run files from strangers" instinct never fires. Vidar and Fickle are both malware-as-a-service infostealers widely used in credential-harvesting campaigns.
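If you played Chemia, or just want to check a machine, here is an added PowerShell triage script. It is not from the original article or from Prodaft's report. It sweeps the default Steam library and the per-user temp and appdata folders for the three file names listed above, then reviews the Run/RunOnce registry keys and non-Microsoft scheduled tasks for entries that reference those names or that launch powershell.exe or rundll32.exe (the third payload was a DLL delivered through PowerShell). The search paths and the PowerShell/rundll32 heuristic are my assumptions; only the file names come from the article. Run it from an elevated PowerShell prompt so HKLM and every scheduled task are readable.

```powershell
# Added example (not from the article or from Prodaft's report): hunt one Windows
# machine for the three file names the article lists, then review user- and
# machine-level autostart locations for anything that references them.
# Assumptions: default Steam library path; per-user temp/appdata as staging dirs.
# Adjust $SearchRoots if your Steam library lives elsewhere.

$Iocs = @('CVKRUTNP.exe', 'v9d9d.exe', 'cclib.dll')   # file names from the article

$SearchRoots = @(
    "${env:ProgramFiles(x86)}\Steam\steamapps\common",  # default Steam library (assumption)
    $env:TEMP,
    $env:APPDATA,
    $env:LOCALAPPDATA
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 1. File-name sweep. -Include only applies to children when -Recurse is given.
$hits = foreach ($root in $SearchRoots) {
    Get-ChildItem -Path $root -Recurse -File -Include $Iocs -ErrorAction SilentlyContinue
}

if ($hits) {
    Write-Warning "Files matching reported names found; SHA-256 hashes below for reporting:"
    $hits | Get-FileHash -Algorithm SHA256 | Select-Object Path, Hash | Format-Table -AutoSize
} else {
    Write-Host "No files matching the reported names under: $($SearchRoots -join ', ')"
}

# 2. Persistence review. Besides the IOC names, flag autostart entries that launch
# powershell.exe or rundll32.exe (heuristic: the article describes the third payload
# as a DLL delivered through PowerShell). Legitimate entries will match too; read
# each one before acting on it.
$pattern = (($Iocs + @('powershell', 'rundll32')) |
    ForEach-Object { [regex]::Escape($_) }) -join '|'

$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$ProviderMetadata = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

foreach ($key in $RunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $entries = Get-ItemProperty -LiteralPath $key
    foreach ($prop in $entries.PSObject.Properties) {
        if ($prop.Name -in $ProviderMetadata) { continue }   # skip registry-provider noise
        if ("$($prop.Value)" -match $pattern) {
            Write-Warning "Run entry: $key\$($prop.Name) -> $($prop.Value)"
        }
    }
}

# Scheduled tasks outside the \Microsoft\ tree whose action matches the pattern.
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            $cmd = "$($action.Execute) $($action.Arguments)"
            if ($cmd -match $pattern) {
                Write-Warning "Scheduled task: $($task.TaskPath)$($task.TaskName) -> $cmd"
            }
        }
    }
```

A file-name match is a reason to isolate the machine and compare the printed hashes against Prodaft's published indicators, not proof on its own; a clean sweep does not clear you either, since a loader that already ran may have removed its staging files. In both cases change your passwords and sign out of existing sessions, because stolen cookies outlive a password change.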

Prodaft's indicators of compromise led Steam to remove Chemia from the store. Users voiced frustration on Reddit and gaming forums over the lack of transparency. The incident highlights ongoing gaps in platform moderation of malicious content, following the earlier PirateFi and Sniper: Phantom's Resolution cases.

The Takeaway


Even platforms you trust can be weaponized, especially in Early Access or play-test scenarios. One infected game, Chemia, exposed players to three malware families capable of exfiltrating passwords, cookies, crypto-wallet data and more. Always assume risk when installing anything short of an official release, even on Steam. Stay safe out there.

-Attila.



Positivity Box

You're not powerless. Detecting malware early is achievable. Keep your antivirus and endpoint protection active, watch for unexpected persistence behavior (new Run-key entries, scheduled tasks or startup items you did not create), and use strong, unique passwords with multi-factor authentication. If you took part in the Chemia play-test, there is no need to panic; you still have time to act by scanning your system and changing your credentials. Because the stealers also took browser cookies, sign out of all active sessions on your important accounts as well, since a stolen cookie keeps working after a password change. Together, we'll turn vigilance into empowerment.

New Funnies!

Why did the malware download the game?
To level up with your credentials and unlock the vault of your digital life.

What happens when cookies are stolen?
Even the browser goes incognito, ashamed it couldn't protect dessert.

Why don't infostealers need cheat codes?
They already know all your passwords.

