decrypt.co
A pre-release game that launched on leading PC storefront Steam contained malware designed to target victims’ cryptocurrency wallets and personal data, according to a report from cybersecurity firm Prodaft.
Chemia, a survival game developed by Aether Forge Studios, was loaded by cybercriminal group EncryptHub (aka Larva-208) on July 22 with three types of malware: Hijack Loader, Fickle Stealer, and Vidar Stealer, Prodaft reported.
The former enables hackers to deploy privacy-breaching programs on an infected device. The latter two pieces of software aim to exploit digital asset wallets, in addition to accessing user data from web browsers, password managers, and other applications.
Did you play Chemia on Steam? 🎮 Then you should be worried.
LARVA-208’s modification of the game to distribute Fickle Stealer, HijackLoader and Vidar demonstrates a concerning trend.
➡️Check the IOCs now: https://t.co/heavBpufeD #threatintel #cybersecurity #malware #IOC pic.twitter.com/epfckhIohC
— PRODAFT (@PRODAFT) July 23, 2025
Tech outlet Bleeping Computer was first to report on the alleged malware-infested game. Following the report, Steam appears to have removed Chemia from its platform. A link to the game redirects visitors to the Stream homepage.
Steam did not immediately reply to Decrypt's inquiry into the apparent removal of the game.
Chemia debuted via Steam Early Access, which allows users to download video games that are still under development and may have bugs or limited features.
The malware appeared to be linked to a Telegram channel, where the cybercriminals could manage the software, steal data, and launch attacks, according to Prodaft.
Steam's security scare comes amid a global rise in cyberattacks.
Malware infections have risen 87% over the past 10 years, according to data compiled by Statista. Global cyber-economy researcher Cybersecurity Ventures forecasts cybercrimes will inflict $10.5 trillion in damages by the end of 2025, up from $3 trillion in 2015.
EncryptHub launched a spear-phishing and social engineering campaign with the same malware last year, compromising more than 600 organizations.
Amid the global rise in exploits, Steam has fielded several cases of malware infiltrating games on its Early Access platform. In March, malicious software was found in the game Sniper: Phantom’s Resolution. A month earlier, reports emerged that the title PirateFi appeared to contain a Windows-based malware designed to harvest sensitive information from unsuspecting downloaders’ devices.
Steam did not immediately respond to Decrypt's request for comment on its process for vetting video games listed on its Early Access platform.