{"id":53038,"date":"2025-02-17T09:26:33","date_gmt":"2025-02-17T14:26:33","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=53038"},"modified":"2025-02-17T11:21:40","modified_gmt":"2025-02-17T16:21:40","slug":"games-with-trojans-in-steam","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/games-with-trojans-in-steam\/53038\/","title":{"rendered":"Gamers beware: Trojans have invaded Steam"},"content":{"rendered":"

There are probably no gamers left who don\u2019t know that downloading games from torrent trackers is a risky business. Yes, they come at no cost, cracked and sometimes conveniently repackaged \u2014 but they might contain malware. That\u2019s why security solutions<\/a> throw a fit \u2014 quarantining torrent files, preventing the installation of cracks\u2026 well, we should be thankful for that!<\/p>\n

Official app stores like Steam are a different story, right? Surely everything\u2019s perfectly safe there, isn\u2019t it? Nope. In February, a game bundled with malware was discovered on the platform. Not to worry, though: last week, Valve removed the infected game from its Steam platform after a user reported that their antivirus software \u2013 guess which one?<\/a> \u2014 prevented them from running the game due to the presence of malware.<\/p>\n

The user\u2019s antivirus\u00a0 flagged the game as containing Trojan.Win32.Lazzzy.gen<\/em>, prompting Valve to act swiftly and remove it from the platform. We can confirm that it was Kaspersky's antivirus solution<\/a> that detected the threat \u2014 thanks to the Kaspersky Security Network<\/a> recognizing the malware.<\/p>\n

Survival sim starring your computer<\/h2>\n

The game in question was PirateFi, a survival sim offering users the chance to play as a pirate in both single-player and multiplayer modes. It appears it wasn\u2019t just the players who needed to survive \u2014 but their computers too.<\/p>\n

\"PirateFi<\/a>

PirateFi was touted as the thrifty gamer\u2019s Sea of Thieves<\/p><\/div>\n

It wasn\u2019t exactly a hit: maybe five concurrent players at peak times, and just 165 subscribers. The exact number of victims is unknown. VG Insights<\/a> estimates around 1500, while Gamalytic<\/a> puts the number of downloads at 859.<\/p>\n

The game was found to contain Windows-based malware designed to infect users\u2019 computers and steal sensitive information. The malware, disguised as Howard.exe<\/em>, was programmed to unpack itself into the user\u2019s \/AppData\/Temp\/<\/em> directory upon launching the game \u2014 subsequently stealing browser cookies and potentially allowing attackers to gain access to various user\u2019s online accounts. Several users who downloaded the game reported compromised accounts, password changes, and unauthorized transactions.<\/p>\n

In the end, everyone who had played PirateFi on Steam received a notification email about a potential malware threat on their computers. There were no details about the malware or any explanations as to how it had slipped into the app store. So victims didn\u2019t know exactly what ended up on their devices: a miner, a stealer, or something else entirely. Instead, Valve, the company behind Steam, recommended that they run a scan of their computers with a reliable security solution<\/a>.<\/p>\n

<\/a>

Players found the suggestion to \u201creformat\u201d their operating systems particularly amusing<\/p><\/div>\n

As for the game\u2019s developers, Seaworth Interactive, there\u2019s virtually no information about them online. PirateFi was their debut in the gaming industry, so it\u2019s safe to assume that the malware campaign was intentional. PCMag<\/a> supported this theory \u2014 noting attempts to promote the game through Telegram channels targeting users in the U.S. For example, a job posting for a PirateFi in-game chat moderator<\/em> was listed. It promised $17 per hour, with payments every two days. This sounded way too good to be true, particularly because moderators in free-to-play games are typically students with a lot of free time, who are usually paid in in-game currency.<\/p>\n

PirateFi isn\u2019t the only such case<\/h2>\n

Malware infiltrated Steam a decade ago as well. Back then, it was Dynostopia<\/a> players who got hit with a Trojan. The game was in its beta phase and was hosted on Steam Greenlight, which was Valve\u2019s program for indie developers, discontinued in 2017. As for the Trojan, affected users reported that upon downloading the game, their desktops were immediately locked, preventing any access even after a system reboot. Sometime later, they\u2019d discover their Steam profiles had been modified: a proud label declaring them as Dynostopia beta testers<\/em> would be added, along with a prompt for all their friends to experience this \u201cfantastic\u201d game.<\/p>\n

Malware keeps finding its way into apps \u2014 including games and Google Play<\/a> apps. Recently, it\u2019s even managed to infiltrate the App Store<\/a> as well. Thus, mobile gaming faces a much greater challenge than PC gaming, and it\u2019s not a matter of platform moderation. It\u2019s simply a matter of numbers: there are significantly more apps for smartphones than for computers \u2014 hence the higher prevalence of malware on mobile platforms. For this reason, we consistently urge smartphone users to pay attention to app reviews and ratings. Although this isn\u2019t a guarantee of safety, as positive ratings can be easily inflated, PC gamers should also heed this advice.<\/p>\n

Another way cybercriminals target players is by distributing Trojan-infected mods or cheats. Call of Duty fans are all too familiar with this. Last year, Activision conducted a large-scale investigation<\/a> to determine how Trojans were ending up on their players\u2019 systems. Among the potential causes suggested by the tech giant was the use of third-party tools such as mods, cheats, and trainers.<\/p>\n

Security tips for gamers<\/h2>\n

First of all, be vigilant and play fair. Stay away from cheats unless you want to lose your game account and, even worse, have your bank or crypto wallet details on your computer compromised. Stick to tried-and-tested games with lots of reviews \u2014 they might be negative, but so long as they\u2019re honest, that\u2019s what matters.<\/p>\n

The second, but no less important, piece of advice is to install gaming antimalware<\/a>. If you\u2019ve played PirateFi or some other obscure title, follow Valve\u2019s advice and install a security solution immediately. Don\u2019t rely on game moderation alone on Steam or any other platform. It might keep you 99% safe from trojanized games, but that last, treacherous 1% could always include the one that gets you. So do your homework: explore the tests<\/a>, look at the reviews<\/a>, and make an informed decision about which option you\u2019ll entrust with your computer\u2019s security.<\/p>\n

Kaspersky Premium<\/a> includes a dedicated gaming mode that busts the myth that antivirus programs cause performance issues on gaming PCs. Here\u2019s how it functions: when you launch a game, Kaspersky Premium<\/a> temporarily halts its database updates, notification pop-ups, and scheduled system scans. The background protection will save you from unknowingly becoming a beta tester for Dynostopia, PirateFi and other malware disguised as games.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

If you still think that Steam, Google Play, and the App Store are malware-free, then read this fascinating story about PirateFi and other hacker creations disguised as games.<\/p>\n","protected":false},"author":2754,"featured_media":53039,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2683],"tags":[647,164],"class_list":{"0":"post-53038","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-gamers","9":"tag-steam"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/games-with-trojans-in-steam\/53038\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/games-with-trojans-in-steam\/28584\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/games-with-trojans-in-steam\/23822\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/games-with-trojans-in-steam\/28698\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/games-with-trojans-in-steam\/27957\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/games-with-trojans-in-steam\/30774\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/games-with-trojans-in-steam\/29467\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/games-with-trojans-in-steam\/39053\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/games-with-trojans-in-steam\/13162\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/games-with-trojans-in-steam\/22590\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/games-with-trojans-in-steam\/23427\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/games-with-trojans-in-steam\/31955\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/games-with-trojans-in-steam\/37466\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/games-with-trojans-in-steam\/29507\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/games-with-trojans-in-steam\/28815\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/games-with-trojans-in-steam\/34651\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/games-with-trojans-in-steam\/34279\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/gamers\/","name":"gamers"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53038","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2754"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=53038"}],"version-history":[{"count":6,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53038\/revisions"}],"predecessor-version":[{"id":53048,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/53038\/revisions\/53048"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/53039"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=53038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=53038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=53038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}