The Steam malware attack has alarmed gamers after threat actor EncryptHub compromised an early access title on Steam. The survival crafting game Chemia was found to contain info-stealing malware, putting unsuspecting players at serious risk.

How the Attack Happened

Security researchers at Prodaft report that the compromise began on July 22. EncryptHub (also tracked as Larva-208) injected malicious binaries into Chemia’s files. The altered files delivered:

  • HijackLoader (CVKRUTNP.exe) – establishes persistence and fetches the Vidar infostealer.
  • Vidar infostealer (v9d9d.exe) – steals account credentials, browser data, and cryptocurrency wallet information.

The malware retrieves its command-and-control (C2) address from a Telegram channel.

The Second Malware Injection

Just three hours later, EncryptHub added another payload, Fickle Stealer, via the cclib.dll file. This malware, launched through a PowerShell script (worker.ps1), gathers sensitive browser data, including saved passwords and cookies.

Prodaft notes that the malicious executable appears legitimate to users, leveraging Steam’s platform trust to spread malware.
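
A file-name sweep for the four files named above, as an added example that is not from Prodaft or the original article. It records a SHA-256 for each match so the result can be compared with published indicators; the function names and the sample folder tree are constructed for illustration, and a name match is a lead to investigate, not a verdict.

```python
import hashlib
import os
import tempfile

# File names taken from the article; names alone are weak indicators.
SUSPECT_NAMES = {
    "cvkrutnp.exe": "HijackLoader",
    "v9d9d.exe": "Vidar infostealer",
    "cclib.dll": "Fickle Stealer",
    "worker.ps1": "Fickle Stealer launcher script",
}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large game assets do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root):
    """Walk root and return one record per file whose name matches the list."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            label = SUSPECT_NAMES.get(name.lower())  # Windows names are case-insensitive
            if label is None:
                continue
            path = os.path.join(folder, name)
            try:
                record = {"path": path, "family": label,
                          "size": os.path.getsize(path), "sha256": sha256_of(path)}
            except OSError as exc:  # locked or unreadable file: still report it
                record = {"path": path, "family": label, "error": str(exc)}
            hits.append(record)
    return sorted(hits, key=lambda r: r["path"])


if __name__ == "__main__":
    # Constructed sample tree standing in for a game install folder.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Chemia", "bin"))
        for rel in ("Chemia/bin/CCLIB.DLL", "Chemia/worker.ps1", "Chemia/game.exe"):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(b"constructed placeholder bytes")
        for hit in sweep(root):
            print(hit["family"], hit["path"], hit.get("sha256", hit.get("error")))
```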

Who Is EncryptHub?

EncryptHub is a notable threat actor linked to both cyberattacks and responsible vulnerability disclosures. Last year, the group ran a large-scale spear-phishing campaign affecting over 600 organizations worldwide.

In this latest Steam malware attack, the malicious software runs silently in the background without affecting gameplay performance. Gamers are unlikely to detect the compromise.

Response and Risks

Neither Aether Forge Studios, the developer of Chemia, nor Valve has released a statement. As of now, Chemia remains available on Steam, and it is unclear if the game’s files have been cleaned.

Security experts recommend avoiding the title until an official confirmation is issued. This is the third malware incident on Steam in 2025, following Sniper: Phantom’s Resolution in March and PirateFi in February.

Why Early Access Titles Are Risky

All three malware cases involved early access games. These titles often face less rigorous review, creating an opportunity for attackers. Gamers should exercise caution when downloading work-in-progress releases.

Conclusion

The Steam malware attack highlights the risks of trusting early access games without verification. With info-stealers like Vidar and Fickle Stealer active in Chemia, players should avoid downloading the title until Valve and the developer confirm it is safe. Security researchers have published indicators of compromise to help users detect infection.

