The hacking group EncryptHub secretly embedded info-stealing malware into the early access Steam game Chemia, putting unsuspecting players at risk.

The game delivered the HijackLoader and Vidar infostealers to user devices. The malware connected to a Telegram-based command-and-control system. The attack was stealthy, with no impact on gameplay performance.

BleepingComputer, which first reported this story, explains that Chemia, a survival crafting game by Aether Forge Studios, is still in early access and has no official release date. According to cybersecurity firm Prodaft, the compromise began on July 22 when EncryptHub added malicious files to the game.

PRODAFT (@PRODAFT), July 23, 2025: "LARVA-208’s modification of the game to distribute Fickle Stealer, HijackLoader and Vidar demonstrates a concerning trend. ➡️Check the IOCs now: https://t.co/heavBpufeD #threatintel #cybersecurity #malware #IOC"

The first malware, HijackLoader (CVKRUTNP.exe), sets up long-term device access before downloading the Vidar info-stealing program. The malware connects with its command center through a Telegram channel.

The second malware, Fickle Stealer, is added through a DLL file named cclib.dll just three hours after the initial malware deployment. The file executes PowerShell scripts to retrieve its main payload from an untrustworthy domain. BleepingComputer explains that the Fickle Stealer malware steals browser data, including passwords, cookies and cryptocurrency wallet information.

“The compromised executable appears legitimate to users downloading from Steam, creating an effective social engineering component that relies on platform trust rather than traditional deception techniques,” Prodaft told BleepingComputer.

“When users click on the Playtest of this game, which they find in the free games, they are actually downloading malicious software,” the researchers added.

The malware runs silently, without disrupting gameplay, so most players remain unaware that their data is being stolen.

The exact method through which EncryptHub accessed the game remains unknown, but insider involvement seems probable. The game developers have not made any public announcements about the situation, while the game continues to remain live on Steam.

BleepingComputer notes that this is the third malware case involving early access Steam games this year. Until an official investigation is completed, experts recommend avoiding Chemia and being cautious with early access titles.
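For defenders who want to check endpoint telemetry against the behaviour described above (a game DLL named cclib.dll that runs PowerShell, and a loader named CVKRUTNP.exe), the following triage sketch is an added example, not code from Prodaft or BleepingComputer. It assumes process-creation and image-load events shaped like Sysmon events 1 and 7 (fields `Image`, `ParentImage`, `ImageLoaded`); the sample events, the `ExampleGame` folder and all paths are constructed placeholders.

```python
import ntpath

# File names reported in the article (compared case-insensitively).
REPORTED_NAMES = {"cvkrutnp.exe", "cclib.dll"}
SHELLS = {"powershell.exe", "pwsh.exe"}

def under_steam_library(path):
    # True when the path contains consecutive "steamapps", "common" folders.
    parts = path.replace("/", "\\").lower().split("\\")
    return ("steamapps", "common") in zip(parts, parts[1:])

def triage(event):
    """Return findings for one Sysmon-style event (1 = process create, 7 = image load)."""
    findings = []
    name = ntpath.basename(event.get("Image", "")).lower()
    if event.get("EventID") == 1:
        if name in REPORTED_NAMES:
            findings.append("reported file name executed")
        if name in SHELLS and under_steam_library(event.get("ParentImage", "")):
            findings.append("PowerShell started by a process in a Steam library")
    elif event.get("EventID") == 7:
        loaded = event.get("ImageLoaded", "")
        if ntpath.basename(loaded).lower() in REPORTED_NAMES and under_steam_library(loaded):
            findings.append("reported DLL name loaded from a Steam library")
    return findings

def scan(events):
    # Pair each finding with the index of the event that produced it.
    return [(i, f) for i, e in enumerate(events) for f in triage(e)]

# Constructed sample events; "ExampleGame" and all paths are placeholders.
GAME = r"D:\SteamLibrary\steamapps\common\ExampleGame"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": POWERSHELL, "ParentImage": GAME + r"\Game.exe"},
    {"EventID": 7, "Image": GAME + r"\Game.exe", "ImageLoaded": GAME + r"\cclib.dll"},
    {"EventID": 1, "Image": POWERSHELL, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\CVKRUTNP.exe",
     "ParentImage": GAME + r"\Game.exe"},
]

if __name__ == "__main__":
    for index, finding in scan(SAMPLE_EVENTS):
        print(index, finding)
```

File names alone are weak indicators and can collide with legitimate files, so treat a hit as a lead to confirm against the IOCs Prodaft published rather than as proof of infection.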