On Thursday, February 6, a pirate-themed survival game named PirateFi was uploaded to Steam, misleadingly credited to the developer Seaworth Interactive. Unfortunately, the game was embedded with malware aimed at stealing users’ browser cookies. PirateFi lingered on the platform for over a week before Valve removed it and alerted affected users about potential risks to their PCs.

While the Steam listing for PirateFi has been removed, some screenshots still circulate online. As reported by SteamDB, between 800 to 1,500 users might have downloaded the game during its brief time on the platform. Notably, one player highlighted that promotional screenshots and videos were actually taken from another existing survival game, Easy Survival RPG.

According to an article by PCMag, several users’ antivirus programs flagged PirateFi as “Trojan.Win32.Lazzzy.gen,” identifying it as malware that could compromise browser cookies. This information could allow hackers to infiltrate users’ various online accounts.

Furthermore, PCMag reported that an individual claiming to represent PirateFi was offering job positions for an “in-game chat moderator” at a pay rate of $17, shared on Telegram. A reader even mentioned that they suspected they were conversing with a chatbot due to the quick responses and misleading guidance to download the infected game.

Following the game’s removal, Valve reached out to players of PirateFi, stating that the “Steam account of the developer for this game uploaded builds to Steam containing suspected malware.”

Valve advises any users who downloaded PirateFi to conduct a comprehensive system scan with antivirus software and to look for any suspicious or unfamiliar applications on their PCs. As a precaution, they also suggest that users consider reinstalling Windows to fully eliminate any potential malware threats.

This marked the sole game created by “developer” Seaworth Interactive. Besides the now-removed Steam page, there was no website or social media presence for the developer, a red flag for those who recognized the warning signs.

We reached out to Valve for a statement but have yet to receive a response. The pressing questions remain: How did a malware-laden game make its way onto Steam? More importantly, what measures will Valve implement to prevent such incidents in the future?