
Unknown cybercriminal infiltrates Steam Early Access game Chemia with crypto-jacking, info-stealing malware and a backdoor for future malware installation, as discovered by a security firm

Steam Early Access title allegedly incorporates Fickle Stealer, Vidar Stealer, and HijackLoader malware, according to Prodaft's claims.

Unknown cybercriminal embeds three distinct types of malicious software in the pre-release Steam game Chemia, discovered by security personnel; the malware collection includes crypto-mining and data-stealing programs, while also facilitating further intrusion for more malware installation.

In a recent shocking turn of events, the Early Access game "Chemia," developed by Aether Forge Studios, was found to contain three malware strains: Fickle Stealer, Vidar Stealer, and HijackLoader. The game, which was still available on Steam as of July 25, 2025, was swiftly removed following public disclosure of the malware presence.

The discovery of malware in "Chemia" has raised questions about the legitimacy of the game and its developer, Aether Forge Studios. Despite the Steam store listing, no legitimate online presence, websites, or social media profiles could be found linking the name to the game "Chemia," suggesting the developer may be a front or non-established entity specifically for distributing this compromised software.

The malware strains embedded in "Chemia" are of concern. Fickle Stealer and Vidar Stealer are infostealers, designed to extract sensitive user data such as passwords, financial information, and credentials. HijackLoader, a sophisticated loader malware, establishes persistence on the victim's device and downloads additional payloads, amplifying the attack's impact.

The cybercriminal group behind this attack is identified as EncryptHub, known for sophisticated spear-phishing and malware campaigns since mid-2024. However, it's important to note that EncryptHub has not been explicitly linked to the development or distribution of "Chemia."

This incident serves as a stark reminder of the increasing use of gaming platforms like Steam by threat actors to distribute malware. It underscores the importance of vetting software sources, especially for products from unknown developers, to ensure the safety of personal data.

"Chemia" was described as a survival crafting game set in a world ravaged by a natural disaster, requiring players to gather resources, craft equipment, and navigate a hazardous world to survive. The game was not publicly available; Steam users had to request access to the playtest.

Prodaft, a cybersecurity firm, shared indicators of compromise (IOCs) related to the versions of Fickle Stealer, Vidar Stealer, and HijackLoader that were embedded in "Chemia" on GitHub. These IOCs are likely to be useful in identifying and mitigating the malware associated with "Chemia."

As the digital landscape continues to evolve, it's crucial for users to remain vigilant and cautious when downloading and installing software, especially from unknown developers. The case of "Chemia" serves as a grim reminder of the potential risks associated with such actions.

  1. The concern over encrypted malware strains found in the game "Chemia" doesn't just apply to the gaming world; it emphasizes the need for cybersecurity measures when using smartphones or other gadgets that may download software from unknown sources.
  2. Given the dubious origin of "Chemia," a game that was removed from Steam due to embedded malware, technology experts recommend extreme caution when purchasing applications or games from developers with little or no online presence, to safeguard against potential cyber threats.
