A new game on Steam has been caught spreading dangerous malware. The game, called Chemia, was recently released on Steam's Early Access platform but has now been removed after cybersecurity researchers found it was used to steal personal data and crypto wallet info from players.

Malware Discovered in Chemia Survival Game

Chemia, built by Aether Forge Studios, is a survival crafting game that appeared harmless. But according to a new report from cybersecurity firm Prodaft, the game had been hijacked by a hacking group called EncryptHub, also known as Larva-208. On July 22, the attackers added 3 different types of malware to the game's files: HijackLoader, Vidar Stealer, and Fickle Stealer.

The first, HijackLoader, hides inside the user's system and gives hackers control. The other two, Vidar and Fickle Stealer, are known for stealing data like crypto wallet keys, browser passwords, cookies, and even auto-fill information.


The Role of Telegram and Remote Servers

Prodaft researchers found that the malware used Telegram to fetch instructions. This means hackers could easily control infected systems and manage the attacks remotely. Vidar Stealer downloaded more files through a file called v9d9d.exe, while Fickle Stealer used a DLL file named cclib.dll, along with a PowerShell script called worker.ps1, to pull more dangerous code from a site called soft-gets[.]com.

This setup allowed EncryptHub to run the malware quietly in the background without affecting game performance, which helped keep it hidden from most users.
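As an added example (not code from Prodaft, BleepingComputer or Valve), the Python below checks a file listing and DNS log lines for the indicators named in this section. The function names, the log format, and the sample paths and log lines are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators named in the article: dropped file names and the defanged domain.
IOC_FILES = {"v9d9d.exe", "cclib.dll", "worker.ps1"}
IOC_DOMAINS = {"soft-gets[.]com"}

# Host-like tokens in free-form log text (letters-only TLD, so IPs are skipped).
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def refang(indicator):
    """Turn a defanged indicator such as soft-gets[.]com into a matchable host."""
    return indicator.replace("[.]", ".").lower()

def host_matches(host):
    """True for an IoC domain or any subdomain of it, never for lookalikes."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in map(refang, IOC_DOMAINS))

def scan_log_lines(lines):
    """Return (line_number, host) for each host in the log that hits an IoC."""
    return [(n, h.lower()) for n, line in enumerate(lines, 1)
            for h in HOST_RE.findall(line) if host_matches(h)]

def scan_paths(paths):
    """Return paths whose file name equals an IoC name, ignoring case."""
    return [p for p in paths if PureWindowsPath(p).name.lower() in IOC_FILES]

# Constructed DNS log lines; the format is an assumption, not a real product's.
SAMPLE_DNS = [
    "2025-07-23T10:01:02Z client=10.0.0.5 query=store.steampowered.com type=A",
    "2025-07-23T10:01:09Z client=10.0.0.5 query=cdn.soft-gets.com type=A",
    "2025-07-23T10:02:30Z client=10.0.0.7 query=notsoft-gets.com type=A",
    "2025-07-23T10:03:11Z client=10.0.0.5 query=SOFT-GETS.COM. type=A",
]
# Constructed file listing; the directories are placeholders, not reported paths.
SAMPLE_PATHS = [
    r"C:\example\game\Chemia.exe",
    r"C:\example\dir1\V9D9D.EXE",
    r"C:\example\dir2\cclib.dll",
    r"C:\example\dir3\worker.ps1.txt",
]

if __name__ == "__main__":
    for n, host in scan_log_lines(SAMPLE_DNS):
        print(f"DNS line {n}: lookup of {host}")
    for path in scan_paths(SAMPLE_PATHS):
        print(f"file name match: {path}")
```

A file name match alone is weak evidence, since names are trivially changed; confirm any hit against the hashes in Prodaft's published indicators before drawing conclusions.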

Steam Removes Chemia Without Public Notice

After the malware was reported, Steam removed the game from its store. Currently, trying to visit the Chemia store page redirects users to the Steam homepage. No public statement has been made by Valve or the game's developer about the issue. According to BleepingComputer, both were contacted for comment but have not responded yet.

The game was launched as an Early Access title, which means it was still in development. This section of Steam has been under fire before for weaker safety checks. Since early access games are not fully tested, they can sometimes be a backdoor for malicious code.

Previous Malware Found in Steam Games

This is not the first time malware has slipped into games on Steam. Earlier this year, a game called Sniper: Phantom's Resolution was found to contain harmful software. Another game, PirateFi, was also caught hiding malware that targeted Windows systems.

PirateFi was described as a web3 title that involved crypto elements. But neither Chemia nor Sniper: Phantom's Resolution appears to be a blockchain game; both were standard PC releases.

All 3 titles were early access games. This raises questions about Steam's review process for pre-release titles. Without stronger checks, hackers could keep using games as a way to spread malware and steal data.

EncryptHub's Wider Campaign

EncryptHub has a history. Last year, the same group ran a massive phishing campaign using this same malware combo. That attack affected over 600 organizations worldwide. Prodaft's latest report highlights the same techniques being used in this Steam-based attack.

"The compromised executable appears legitimate to users downloading from Steam, creating an effective social engineering component that relies on platform trust rather than traditional deception techniques," the report said.

"When users click on the Playtest of this game, which they find in the free games, they are actually downloading malicious software," researchers at Prodaft added.

Malware Rates and Damage Still Rising

Cyberattacks like these are becoming more common. According to data from Statista, malware infections have gone up by 87% in the past ten years. And Cybersecurity Ventures estimates that global damage from cybercrime will hit $10.5 trillion by 2025. That's more than triple the $3 trillion figure from 2015.

Steam's role in this latest case points to a growing problem. Platforms with large user bases, like Steam, can be easy targets for hackers. When users trust the source, they are less likely to check for problems. This makes platforms with weaker checks dangerous places for those who hold digital assets like cryptocurrency.

Users Warned to Stay Away for Now

At the time of writing, the Chemia game appears to be no longer available for download. But security experts warn that if users already downloaded it before its removal, their devices could still be infected.

It is not yet known how EncryptHub got access to Chemia's game files. One possible cause (per BleepingComputer) might be help from an insider. So far, Aether Forge Studios has not shared any updates on their official channels or social media.

BleepingComputer reported, "A few days ago, the hacker (also tracked as Larva-208), injected malicious binaries into the Chemia game files hosted on Steam."

Until Valve and Aether Forge confirm the game is clean, users are advised to avoid downloading or running it. Anyone who installed Chemia recently should scan their system using updated antivirus tools and check if any personal or crypto-related data has been compromised.

Full malware indicators from this attack, including file names and domains, are available on Prodaft's official GitHub page.