A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title.
A few days ago, the hacker (also tracked as Larva-208) injected malicious binaries into the Chemia game files hosted on Steam.
Chemia is a survival crafting game from developer ‘Aether Forge Studios,’ which is currently offered as early access on Steam but has no public release date.
[Image: Chemia on Steam. Source: BleepingComputer]
The compromised title, Chemia, was used to push the Fickle Stealer and HijackLoader malware onto unsuspecting players who downloaded the game.
According to threat intelligence firm Prodaft, the initial compromise occurred on July 22, when EncryptHub added the HijackLoader malware (CVKRUTNP.exe) to the game files. The loader establishes persistence on the victim's device and then downloads the Vidar infostealer (v9d9d.exe).
The researchers found that the malware retrieved the command-and-control (C2) address from a Telegram channel.
The second piece of malware, Fickle Stealer, was added to Chemia just three hours later through a DLL file (cclib.dll). The DLL invokes a PowerShell script ('worker.ps1') to fetch the main payload from soft-gets[.]com.
Fickle Stealer is an info-stealer that harvests data stored in web browsers, such as account credentials, auto-fill information, cookies, and cryptocurrency wallet data.
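For anyone who installed Chemia during the affected window, the file names and the domain reported above are enough for a first triage pass. The script below is an added example written for this page; it is not Prodaft's or BleepingComputer's tooling and it knows no file hashes, only the names the article gives (CVKRUTNP.exe, v9d9d.exe, cclib.dll, worker.ps1) and the soft-gets[.]com domain. The rule that any .ps1 file under a game directory deserves a look is a heuristic of this example, not an indicator from the article, and the Steam library tree and DNS log lines it scans are constructed sample data.

```python
"""Filesystem and DNS-log triage for the Chemia/EncryptHub indicators named in the article."""
import os
import re
import tempfile
from pathlib import Path

# File names the article reports for the two payload chains. They are used as
# plain filename indicators; this script has no hashes for the samples.
IOC_FILENAMES = {
    "cvkrutnp.exe": "HijackLoader (establishes persistence, fetches Vidar)",
    "v9d9d.exe": "Vidar infostealer",
    "cclib.dll": "Fickle Stealer loader DLL",
    "worker.ps1": "PowerShell stager that fetches the Fickle Stealer payload",
}

# Domain the article reports (written defanged as soft-gets[.]com); subdomains match too.
IOC_DOMAINS = {"soft-gets.com": "Fickle Stealer payload host"}

# Assumption (heuristic, not from the article): a shipped game normally contains no
# PowerShell scripts, so any .ps1 under a game directory is worth a look.
PS1_HEURISTIC = "PowerShell script inside a game directory (heuristic, not an article IOC)"


def scan_tree(root):
    """Walk a game install tree; return sorted (relative path, description) for matches."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            low = name.lower()
            desc = IOC_FILENAMES.get(low)
            if desc is None and low.endswith(".ps1"):
                desc = PS1_HEURISTIC
            if desc:
                rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
                hits.append((rel, desc))
    return sorted(hits)


def scan_dns_log(lines):
    """Return (line number, domain, description) for lines that query an IOC domain
    or one of its subdomains. Names where the IOC is only a prefix
    (e.g. soft-gets.com.example.net) deliberately do not match."""
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        for dom, desc in IOC_DOMAINS.items():
            pattern = r"(?<![a-z0-9.-])(?:[a-z0-9-]+\.)*" + re.escape(dom) + r"(?![a-z0-9.-])"
            if re.search(pattern, low):
                hits.append((n, dom, desc))
    return hits


def build_demo_tree():
    """Create a constructed fake Steam library in a temp dir (sample data, not real game files)."""
    root = tempfile.mkdtemp(prefix="steamapps_")
    game = Path(root) / "common" / "Chemia"
    (game / "Data").mkdir(parents=True)
    for rel in ("Chemia.exe", "engine.dll", "Data/assets.pak",
                "CVKRUTNP.exe", "cclib.dll", "worker.ps1"):
        (game / rel).write_bytes(b"\x00")  # placeholder contents only
    return root


# Constructed DNS resolver log lines (sample data, not a real capture).
DEMO_DNS_LOG = [
    "14:02:11 query A steamcdn-a.akamaihd.net",
    "14:02:13 query A api.telegram.org",
    "14:05:40 query A cdn.soft-gets.com",
    "14:06:01 query A soft-gets.com.example.net",
]


if __name__ == "__main__":
    root = build_demo_tree()
    for rel, desc in scan_tree(root):
        print(f"FILE  {rel}: {desc}")
    for n, dom, desc in scan_dns_log(DEMO_DNS_LOG):
        print(f"DNS   line {n}: {dom} ({desc})")
```

Point `scan_tree` at the real `steamapps/common/Chemia` directory rather than the demo tree to check an installation. Note that the Telegram lookup in the sample log is left unflagged on purpose: the article says HijackLoader fetched its C2 address from a Telegram channel, so traffic to Telegram by itself proves nothing on a machine where the messenger is in normal use; the file names and the soft-gets[.]com domain are the indicators worth acting on.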