A Steam game used to spread a crypto wallet stealer – Chemia was distributing Vidar, Fickle Stealer, and HijackLoader.
Crypto Wallets and the Hidden Threat, Again
Despite nearly identical incidents having occurred before, we are once again facing hidden malware targeting cryptocurrency wallets. Specifically, the Steam game Chemia, distributed via Steam as part of its Early Access program, contained a built-in HijackLoader along with two additional components: Fickle Stealer and Vidar Stealer. These three modules worked together to infect devices, extract session tokens, browser passwords, and crypto wallet configuration files.
Crucially, PRODAFT linked the incident to the hacker group LARVA-208, previously known for distributing similar tools. They also highlighted that this was the first documented case of Vidar and Fickle Stealer being deployed via a legitimate gaming platform with full storefront integration.
Attackers specifically targeted crypto users operating desktop wallets and browser extensions. At risk were not only private keys and seed phrases, but also access to DApp sessions and custodial logins. As of publication time, Steam has not issued an official statement regarding the incident or its vetting process for Early Access submissions.
Security First
The takeaway is clear: major platforms must recognize their responsibility to users. It’s one thing for someone to download a pirated product from a shady website – it’s quite another when they install malware through a trusted provider without any warning.
This leads to a second conclusion: users must not only rely on verified sources but also remain vigilant and verify everything themselves. Stay alert and stay tuned for the latest updates across crypto, blockchain, and DeFi.
