A game on Steam Early Access hid three dangerous malware strains

13 August 2025

Table of contents

When entertainment turns into a cyberattack
Three malware in one game: what was really in “Chemia”
A fake studio and a platform caught off guard
Behind the attack: an organized cybercriminal group
How to stay safe while gaming online

When entertainment turns into a cyberattack

In the world of digital gaming, trust is often taken for granted. Platforms like Steam, relied on by millions of users, are not immune to criminal manipulation. The discovery by Prodaft, a cyber threat intelligence company, shook the community: the game “Chemia”, available in Early Access, was in fact a bait to spread malware.

Three malware in one game: what was really in “Chemia”

Behind the facade of a post-apocalyptic survival game were hidden Fickle Stealer, Vidar Stealer, and HijackLoader. The first two are infostealers: they extract credentials, login data, financial info, crypto wallets, and passwords. HijackLoader is even more insidious—it acts as a backdoor, allowing further malware to infiltrate the victim’s system later on.

A fake studio and a platform caught off guard

The alleged developer, Aether Forge Studios, turned out to be non-existent: no website, no profiles, no trace. Meanwhile, Steam took two days to remove the game after the report, potentially exposing dozens—if not hundreds—of users to infection. The incident raises doubts about response times on platforms, especially for Early Access titles.

Behind the attack: an organized cybercriminal group

This operation has been linked to EncryptHub, a group known for sophisticated spear-phishing attacks. According to Prodaft, the malware in “Chemia” is part of a broader strategy launched in June 2024. The company has also released indicators of compromise (IOC) on GitHub for researchers and cybersecurity professionals.