Steam Games Used as a Vector for Crypto Theft

A new and unexpected threat has emerged for cryptocurrency users: malicious actors are exploiting Steam games as a delivery mechanism for malware that steals crypto assets. Gaming platforms like Steam are generally trusted by users, which makes them attractive targets for hackers. In recent incidents, attackers have injected info-stealing malware into Steam game files. These malware programs lie in wait on a victim’s computer, harvesting sensitive data such as login credentials and crypto wallet keys, all under the guise of an ordinary game. This article explores how Steam games are being used as a vector for crypto theft, the methods involved, and steps users can take to protect themselves.

How Attackers Exploit Steam’s Trust and Mechanics

Steam’s vast user base and the trust gamers place in the platform provide fertile ground for cybercriminals. Attackers have found ways to sneak malicious code into legitimate-looking games, especially those in Early Access (pre-release test versions), which may have less oversight. In one case, a threat actor known as EncryptHub compromised the files of a survival game called Chemia on Steam, inserting a malware loader and an info-stealer into the game’s installation package. When players downloaded what they thought was a normal game update or demo, they inadvertently installed these malicious components.

The mechanism works like this: the malicious game file includes a Trojan downloader that runs alongside the game itself. This downloader establishes a foothold on the user’s system and then fetches additional payloads – in Chemia’s case, it pulled in malware like HijackLoader and Vidar. Vidar is a notorious information-stealer (offered as Malware-as-a-Service) that can harvest a wide range of data. To make matters worse, just hours after the first malware was added, the attackers injected a second stealer (dubbed Fickle Stealer) through a game library file.

Because this malicious code runs in the background and does not noticeably affect the gameplay, victims remain oblivious to the compromise. The game continues to run normally, so users have no indication anything is amiss. Attackers rely on the inherent trust in the Steam platform – if a download comes from Steam, users assume it’s safe. This is a form of social engineering: abusing platform trust instead of the usual phishing lures.

Info-Stealer Malware Targeting Crypto Assets

Once installed, the info-stealer malware goes to work scanning the victim’s system. Modern info-stealers like Vidar and Fickle Stealer are designed to harvest data from browsers and files, looking for saved passwords, cookies, and autofill information – and crucially, any data related to cryptocurrency accounts. This includes crypto wallet credentials, private keys, or seed phrases if they’re stored insecurely, as well as credentials for crypto exchanges or wallet apps. The malware then transmits the stolen data back to the attackers via a command-and-control channel (in one case, the malware obtained its instructions from a Telegram channel).

By stealing browser cookies and login tokens, attackers might hijack sessions to web-based wallets or exchange accounts. By grabbing text files or clipboard data, they may capture private keys or recovery phrases. Some malware can even detect and target specific wallet applications installed on the machine. All of this enables the thieves to empty crypto accounts or transfer assets without the user’s consent. The end result is that gamers who thought they were simply playing a new game could wake up to find their cryptocurrency holdings stolen.

Notably, malware embedded in Steam games has been linked to multiple incidents this year. The Chemia attack is at least the third known case in 2025 of malware slipping onto Steam via games. Earlier examples included a game called Sniper: Phantom’s Resolution in March and PirateFi in February – both turned out to be Trojan horses carrying similar info-stealing payloads. In another scenario, scammers didn’t even need to inject malware into the game files; they simply used a Steam game’s page to redirect players to an external site to download a “demo” that was actually malware. These cases underscore that attackers are experimenting with different vectors on Steam – whether by directly compromising game files or by using social engineering through game communities and pages.

Protecting Yourself: Safe Gaming and Crypto Security

For users, the idea that a game can steal your crypto is alarming, but there are concrete steps to defend against this threat:

  • Be Wary of Unfamiliar or Unverified Games: Treat little-known Early Access games or unsolicited game invites with caution. If someone (even a friend) randomly messages you to “try out this new game”, be skeptical. Scammers often hijack accounts to send such invites. Verify through an outside channel if a friend actually sent a game recommendation.
  • Stick to Trusted Sources: Only download games or demos directly from official platform stores (Steam, Epic, etc.) and avoid external download links posted in reviews or forums. If a Steam page directs you to an external website for a download, that’s a red flag.
  • Maintain Strong Device Security: Use an up-to-date anti-malware solution on your gaming PC and run regular scans. Good security software can often detect known info-stealers or suspicious behavior, blocking the malware before it can do harm. If you did install a game like Chemia that was later found compromised, run a full system scan immediately.
  • Segregate Crypto Activities: Consider keeping your crypto wallet environment separate from your day-to-day gaming PC. For example, use a dedicated device or a hardware wallet for managing significant crypto assets. This way, even if a game malware infects your PC, it’s far less likely to be able to access your sensitive crypto keys. At the very least, avoid storing plaintext private keys or recovery phrases on the same machine you use for casual downloading or gaming.
  • Stay Informed: Keep an eye on cybersecurity news, especially if you are an active gamer with digital assets. Platforms like Steam do react to these incidents (e.g., by removing malicious games), but there can be a lag. Knowing the names of compromised games or prevalent scams can help you avoid them. The fact that Steam games have become a direct path for cybercriminals to grab valuable digital assets means users should adopt a security mindset even while gaming.
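The "Stick to Trusted Sources" check above can be automated for links copied from a store page. The following is an added example, not code from the article or from Steam: it classifies each link by its real host and handles lookalike hosts, the user@host trick, and redirect wrappers. The domain allowlist, the /linkfilter path and its parameter names are assumptions, and the sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: domains treated as official Steam properties.
OFFICIAL_DOMAINS = ("steampowered.com", "steamcommunity.com")
# Assumption: redirect wrapper path and the parameters carrying the real target.
LINKFILTER_PATH = "/linkfilter"
LINKFILTER_PARAMS = ("u", "url")


def _is_official_host(host):
    """True only for an official domain or a true subdomain of one."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_link(url, _depth=0):
    """Return (verdict, effective_host) for one link found on a store page."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ("external", "unparseable")
    if parts.scheme not in ("http", "https"):
        # Only web links are judged; anything else is reported for manual review.
        return ("other-scheme", parts.scheme or "none")
    # .hostname drops any "user:pass@" prefix and port, so a link such as
    # https://store.steampowered.com@downloads.example/ resolves to its real host.
    host = parts.hostname or ""
    if not _is_official_host(host):
        return ("external", host)
    # An official host can still forward the visitor elsewhere via a wrapper.
    if parts.path.rstrip("/").lower() == LINKFILTER_PATH and _depth < 3:
        query = parse_qs(parts.query)
        for name in LINKFILTER_PARAMS:
            if name in query:
                return classify_link(query[name][0], _depth + 1)
    return ("official", host)


def flag_external(urls):
    """Return (url, host) pairs for every link that leaves the official domains."""
    results = ((u, classify_link(u)) for u in urls)
    return [(u, host) for u, (verdict, host) in results if verdict != "official"]


# Constructed sample links (placeholder app id, reserved .example hosts).
SAMPLE_LINKS = [
    "https://store.steampowered.com/app/0000/",
    "https://steampowered.com.cdn-mirror.example/app/0000/",
    "https://store.steampowered.com@downloads.example/demo.zip",
    "https://steamcommunity.com/linkfilter/?u=https%3A%2F%2Fdemo-host.example%2Fsetup.exe",
]
```

Calling flag_external(SAMPLE_LINKS) returns the three links that leave the platform; an "official" verdict only confirms where a link points, not that the game it serves is clean.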

Conclusion: The convergence of online gaming and cryptocurrency in these attacks is a reminder that any digital platform can become an attack vector when there’s value at stake. Steam, with over 100 million active users, presents an enticing target for thieves looking to steal crypto wallets and personal data. By exploiting trust in the platform and the enthusiasm of gamers, attackers have added a new twist to crypto theft. Users don’t need to panic or quit gaming, but they should exercise the same caution with game downloads as they would with email attachments or unknown apps. In an era where our entertainment and financial lives are increasingly intertwined, maintaining good cyber hygiene – even while seeking achievements in a game – is essential. Stay vigilant, keep your systems secure, and enjoy gaming with peace of mind knowing you’ve guarded your crypto assets against these lurking threats.