Valve has removed a free-to-play game called "PirateFi" from its Steam platform after discovering it contained malicious software designed to steal users' browser cookies and hijack online accounts.
The game, released on February 6 by developer Seaworth Interactive, masqueraded as a survival simulation game but distributed Windows-based malware.
The deceptive game accumulated positive reviews on Steam, achieving an 88% positive rating, likely aided by its free-to-play status.
According to data from Video Game Insights and Gamalytic, between 859 and 1,530 users may have downloaded the infected game before its removal.
A Steam user first identified the threat when their antivirus software detected "Trojan.Win32.Lazzzy.gen" while attempting to run the game. Further investigation revealed that upon launch, the malware would unpack itself into the computer's AppData/Temp directory as "Howard.exe" and proceed to steal browser cookies, potentially compromising users' various online accounts.
In response to the security breach, Valve issued an urgent warning to affected users, recommending they "run a full-system scan using an antivirus product that you trust or use regularly, and inspect your system for unexpected or newly installed software."
The company also suggested users consider "fully reformatting your operating system to ensure that no malicious software remains."
An additional concerning detail emerged when a PCMag reader reported that the malware distributors were using sophisticated social engineering tactics on Telegram.
They created fake job listings for in-game chat moderator positions, offering $17 per hour to lure potential victims. The scheme reportedly utilized an AI-powered bot that responded to messages with consistent 21-second intervals.
Valve didn’t immediately respond to a request for comment, so it’s unclear how the malicious game ended up on the Steam store. SteamDB estimates that the game may have circulated to over 800 users.