A significant malware infection incident recently emerged, targeting gamers who unknowingly downloaded the early access game Chemia from Steam. The hacker group known as EncryptHub injected info-stealing malware into the game via a Trojan downloader that executed alongside the legitimate game files. Because the executable appeared authentic, the attack exploited users' trust in the Steam platform as a social engineering lever. The malware operated covertly, causing no noticeable disruption to gameplay and leaving users unaware of the infection.
The malware families involved in this infection include Fickle Stealer, HijackLoader, and Vidar. Vidar, widely recognized as a Malware-as-a-Service info stealer, uses public platforms such as Steam for command-and-control communications, which further strengthens the threat. Together, Fickle Stealer and HijackLoader actively harvest sensitive user data, culminating in significant information theft. Importantly, the malicious components incorporated persistence mechanisms, ensuring continued access after infection. Steam's large user base further incentivizes cybercriminals to exploit such weaknesses. The attackers likely exploited port forwarding vulnerabilities to maintain unauthorized access to infected systems.
Analysis indicates a concerning trend among early access games on Steam: all three of the known malware incidents in 2025 targeted titles that had not yet undergone thorough vetting, amplifying risk exposure. Chemia, alongside other compromised titles such as Sniper: Phantom's Resolution and PirateFi, highlights the vulnerabilities associated with less-reviewed games. These incidents illustrate how social engineering tactics can turn gaming communities into lucrative targets for cybercriminals.
The consequences for affected gamers are troubling. Those who downloaded Chemia unwittingly installed malicious software that could jeopardize their personal data and passwords. Covert operations increase the likelihood of prolonged credential harvesting, with victims potentially falling prey to identity theft, financial fraud, and unauthorized online access.
Such repercussions extend beyond individual accounts; infected machines used for sensitive activities pose a larger risk of network compromise.