Steam Malware Attack Targets Chemia Early Access Game

Hackers have compromised the early access Steam game Chemia, injecting it with info-stealing malware and endangering unsuspecting players. The attack marks the third major Steam-related malware campaign in 2025, raising urgent concerns about the platform’s ability to vet developer uploads.

Malware Hidden in Game Files

The threat actor known as EncryptHub, also tracked as Larva‑208, tampered with the official Chemia game files on July 22. Two malicious components were added:

  • HijackLoader (CVKRUTNP.exe): Establishes persistence and downloads the Vidar infostealer, which steals browser data, credentials, and cryptocurrency wallet info.
  • Fickle Stealer (cclib.dll): Delivered three hours later through a malicious DLL, it uses PowerShell to execute and exfiltrate additional data.

Both payloads communicate with attacker-controlled infrastructure via a Telegram channel and a malicious domain (soft-gets[.]com).
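
As an added example (not code from the original article, from Steam, or from the game's developer), the Python sketch below sweeps a game install folder for the two file names listed above and checks log lines for the domain. The log layout and the sample lines are constructed for illustration, and the folder to scan is supplied by whoever runs it.

```python
import hashlib
import os
import re
import sys

# Indicators named in the article above; no file hashes are given there.
IOC_FILENAMES = {"cvkrutnp.exe", "cclib.dll"}
# soft-gets[.]com, defanged or not, with optional subdomains; rejects look-alikes
# such as notsoft-gets.com or soft-gets.com.example.org.
IOC_DOMAIN_RE = re.compile(
    r"(?<![\w.-])(?:[\w-]+\.)*soft-gets(?:\[\.\]|\.)com(?![\w-])(?!\.[\w-])", re.I)

# Constructed sample lines (not real telemetry) in a made-up DNS log layout.
SAMPLE_LOG = [
    "2025-07-22T18:04:11Z query A store.steampowered.com from 10.0.0.5",
    "2025-07-22T18:04:15Z query A soft-gets.com from 10.0.0.5",
    "2025-07-22T18:04:19Z query A notsoft-gets.com from 10.0.0.7",
    "2025-07-22T21:10:02Z query A CDN.Soft-Gets[.]com from 10.0.0.5",
]

def sha256_of(path):
    """Hash a file in chunks so large game assets do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def find_ioc_files(root):
    """Return sorted (path, sha256) pairs for files whose name matches an IoC."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.lower() in IOC_FILENAMES:  # Windows names are case-insensitive
                path = os.path.join(dirpath, name)
                hits.append((path, sha256_of(path)))
    return sorted(hits)

def find_domain_hits(lines):
    """Return (line_number, line) for every line that mentions the IoC domain."""
    return [(n, ln) for n, ln in enumerate(lines, 1) if IOC_DOMAIN_RE.search(ln)]

if __name__ == "__main__":
    # Usage: python chemia_triage.py <game install folder>
    for path, digest in find_ioc_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"FILE   {digest}  {path}")
    for n, ln in find_domain_hits(SAMPLE_LOG):
        print(f"DOMAIN line {n}: {ln}")
```

A file-name match is a triage signal only, and a clean sweep does not rule out compromise; the reported SHA-256 is there so a flagged file can be submitted to a scanner.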

How the Attack Worked

Unlike phishing campaigns or rogue downloads, this attack relied on Steam’s own infrastructure. The malware was embedded directly in Chemia’s early access files, meaning players downloaded it thinking it was a legitimate game update.

Victims who launched the game unknowingly executed the payloads, triggering silent data theft in the background.

Not an Isolated Incident

This marks the third malware campaign targeting Steam in 2025, following:

  • PirateFi (February): A fake crypto-themed game used to deliver Vidar.
  • Sniper: Phantom’s Resolution (March): A GitHub-hosted game demo tied to malware.

This time, the attack was particularly dangerous because it used Steam’s own distribution pipeline.

Who Is at Risk?

Anyone who downloaded or played Chemia after July 22 may be compromised. This includes users on Windows systems vulnerable to PowerShell exploitation and users logged into Chrome, Discord, or Steam during gameplay.

Stolen data may include:

  • Browser cookies and autofill entries
  • Passwords and session tokens
  • Stored crypto wallet credentials
  • Discord authentication tokens

What to Do If You Played Chemia

Steam has not yet issued a full takedown notice or advisory. If you played the game:

  1. Uninstall Chemia immediately.
  2. Run a full antivirus/malware scan.
  3. Change your passwords, especially for Steam, Discord, email, and any synced browsers.
  4. Wipe and reinstall your OS if you notice suspicious activity or if sensitive data was stored.

Final Thoughts

The Chemia malware attack is a wake-up call. Distributing malware through Steam’s early access titles is a dangerous new tactic that blends trust with stealth. With more games going live without full audits, users should treat all early access titles with caution, and Steam must respond quickly to protect its player base.

Janet Andersen

Janet is an experienced content creator with a strong focus on cybersecurity and online privacy. With extensive experience in the field, she’s passionate about crafting in-depth reviews and guides that help readers make informed decisions about digital security tools. When she’s not managing the site, she loves staying on top of the latest trends in the digital world.