A survival game released on Steam’s Early Access platform prior to its official launch has been flagged by cybersecurity researchers for allegedly containing potent malware designed to target users’ cryptocurrency and personal data.

The game in question is Chemia, developed by Aether Forge Studios. According to a report by cybersecurity firm Prodaft, the title was compromised by a known cybercriminal group called EncryptHub (also known as Larva-208) on July 22.

Prodaft detailed the presence of three specific malware components within the game: Hijack Loader, Fickle Stealer, and Vidar Stealer.

• Hijack Loader: This component is designed to deploy other malicious programs on an infected system.
• Fickle Stealer: Aids attackers in accessing digital asset wallets.
• Vidar Stealer: A sophisticated credential stealing tool capable of targeting web browser data, password managers, and other applications.

The discovery appears to stem from Tech outlet Bleeping Computer’s initial report. Following this revelation, Steam removed Chemia from its platform, as attempts to link to the game now redirect users to the main Steam homepage.

However, Steam did not immediately respond to a follow-up request for comment from Decrypt regarding the removal or its procedures for vetting games on the Early Access platform.

Steam’s Early Access program intentionally releases games before they are fully developed, allowing users to test them and providing developers with feedback. This lenient approach, however, also makes it a potential target for malicious actors seeking to exploit the testing phase.

This incident highlights a growing threat: malware infections have increased significantly over the past decade (by 87% according to Statista data), and the global economic damage from cybercrime is forecasted to reach a staggering $10.5 trillion by the end of 2025 ($3 trillion figure sourced from prior data/comparison given, Cybersecurity Ventures). Furthermore, EncryptHub previously deployed this specific trio of malware to compromise over 600 organizations.

Bitcoin wallets and online accounts, including those linked to Steam itself, could potentially be compromised by this malware. MiniOrange, a cybersecurity firm, warned that Steam users employing weak passwords may risk account takeovers, potentially leading to banned accounts or stolen inventory.

This discovery follows other instances of malware discovered on Steam’s Early Access platform, such as games named Sniper: Phantom’s Resolution (March 2024) and PirateFi, reinforcing the ongoing security challenges associated with pre-release distribution models and the prevalence of targeted cybercrime.