Malware Incident on Steam
On February 6, a group of hackers managed to upload a pirate-themed survival game called PirateFi to the Steam platform under the developer name Seaworth Interactive. The game, which was available for at least a week before being taken down by Valve, contained malware designed to steal users’ browser cookies, potentially allowing hackers to access their online accounts.

Details of the Incident
According to SteamDB, between 800 and 1,500 users may have downloaded the free-to-play game before it was removed from the Steam storefront. Notably, the game’s screenshots and promotional video were actually taken from an existing survival game called Easy Survival RPG. Some users’ anti-virus software flagged the game as "Trojan.Win32.Lazzzy.gen," a type of malware that attempts to steal browser cookies, before they even ran it.

Image of the Incident
[Image: PirateFi Tweet, courtesy of SteamDB]

Job Offers and Suspicious Activity
PCMag, which initially reported on the game, found that someone representing PirateFi was posting job offers for an "in-game chat moderator" on Telegram, with a salary of $17. One reader suspected that they were communicating with a chatbot, which encouraged them to download the malware-infected game.

Valve’s Response
After removing the game from the platform, Valve notified users who played PirateFi that the developer’s Steam account had uploaded builds containing suspected malware. The company recommended that affected users run a full system scan with anti-virus software and check for any suspicious or newly installed software on their PCs. In extreme cases, Valve suggested considering a Windows reinstall to completely eliminate any potential malware.

Lack of Developer Presence
It is worth noting that Seaworth Interactive, the supposed developer of PirateFi, had no website or social media presence, which should have raised concerns about the game’s legitimacy. This incident has raised questions about Valve’s vetting process and how a game with malware was able to be released on the platform.

Preventing Future Incidents
We reached out to Valve for comment but have not received a response. The main question remains: How did a game with malware make it onto Steam, and what measures will Valve take to prevent similar incidents in the future?