Malware in Steam Game Chemia Raises Serious Security Concerns
- NFTrixie

- Jul 29

A recent cybersecurity incident involving the Steam game Chemia has sent shockwaves through the gaming community. While players thought they were diving into a new survival crafting experience, they were unknowingly exposing their systems—and their crypto wallets—to dangerous malware. As the lines between blockchain games and traditional titles continue to blur, this story serves as a wake-up call for the entire industry.
What Happened With Chemia on Steam?
Chemia, developed by Aether Forge Studios, was released as an Early Access game on Steam. At first glance, it looked like a typical indie survival title. But on July 22, cybersecurity firm Prodaft revealed something far more sinister lurking beneath the surface. According to their investigation, the game had been compromised by a hacker group known as EncryptHub (also called Larva-208), and it was silently delivering three types of malware to unsuspecting users.
This wasn’t just a harmless glitch or a data collection issue. This was an outright digital attack.
Inside the Malware Hidden in Chemia
The Prodaft team identified three specific malware strains within Chemia:
- HijackLoader: Acts as a backdoor, allowing hackers to remotely control infected systems.
- Vidar Stealer: Specializes in harvesting sensitive data—especially crypto wallet keys, passwords, browser cookies, and autofill details.
- Fickle Stealer: Works alongside the others to further extract private information.
These weren’t poorly written scripts. They were carefully embedded in game files and activated silently, which meant players could enjoy the game with no clue that malware was working behind the scenes.
Telegram, Remote Servers, and a Hidden Network
One of the most alarming aspects of the attack was the sophistication of its command-and-control system. The malware used Telegram channels to receive instructions from the hackers, enabling EncryptHub to update or modify their payload remotely.
Vidar Stealer, for example, downloaded additional files via a seemingly innocent executable named v9d9d.exe. Fickle Stealer, meanwhile, used a PowerShell script (worker.ps1) to pull malicious code from a shady domain: soft-gets[.]com. This multi-layered strategy helped the malware stay under the radar and maintain persistence on infected devices.
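For defenders, the indicators named above can be turned into a first-pass log triage. The following is an added example, not code from Prodaft or from the original article: the event format, the sample events, and the Telegram hostnames and client name are assumptions made for illustration, while the two file names and the domain come from the text above.

```python
import re
from pathlib import PureWindowsPath

# Indicators named in the article; the domain is written there as soft-gets[.]com.
BAD_FILES = {"v9d9d.exe", "worker.ps1"}
BAD_DOMAINS = {"soft-gets.com"}
# Assumption (not from the report): illustrative Telegram hostnames and client image name.
TELEGRAM_HOSTS = {"t.me", "api.telegram.org"}
TELEGRAM_CLIENTS = {"telegram.exe"}

def refang(host):
    """Normalise 'soft-gets[.]com' or 'hxxp://host/path' to a bare lowercase hostname."""
    host = host.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    return re.sub(r"^[a-z]+://", "", host).split("/")[0].split(":")[0].rstrip(".")

def domain_matches(host, domains):
    """Exact or subdomain match, so 'notsoft-gets.com' does not hit 'soft-gets.com'."""
    return any(host == d or host.endswith("." + d) for d in domains)

def basename(path):  # file name of a Windows path, lowercased (works on any OS)
    return PureWindowsPath(path.strip('"')).name.lower()

def triage(events):
    """Return (severity, reason) pairs; process events match on image or command-line token."""
    hits = []
    for ev in events:
        image = basename(ev.get("image", ""))
        if ev["type"] == "process":
            names = {image} | {basename(t) for t in ev.get("cmdline", "").split()}
            hits += [("high", f"file {n}") for n in sorted(names & BAD_FILES)]
        elif ev["type"] == "dns":
            host = refang(ev["query"])
            if domain_matches(host, BAD_DOMAINS):
                hits.append(("high", f"domain {host}"))
            elif domain_matches(host, TELEGRAM_HOSTS) and image not in TELEGRAM_CLIENTS:
                hits.append(("review", f"telegram lookup by {image}"))
    return hits

# Constructed sample events, not taken from the incident.
SAMPLE = [
    {"type": "process", "image": r"C:\Users\a\AppData\Local\Temp\v9d9d.exe"},
    {"type": "process", "image": "powershell.exe", "cmdline": r"powershell -File C:\Users\a\worker.ps1"},
    {"type": "dns", "image": r"C:\Games\game.exe", "query": "cdn.soft-gets[.]com"},
    {"type": "dns", "image": r"C:\Games\game.exe", "query": "notsoft-gets.com"},
    {"type": "dns", "image": r"C:\Games\game.exe", "query": "api.telegram.org"},
    {"type": "dns", "image": r"C:\Apps\Telegram.exe", "query": "t.me"},
]

print(triage(SAMPLE))
```

File names are weak indicators because they are trivial to change, so a "high" hit here is a prompt to check the file against the hashes in the published indicator list rather than a verdict.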
Steam Removes Chemia Quietly
Shortly after the report surfaced, Steam quietly delisted Chemia. The game’s store page now redirects to Steam’s homepage, and neither Valve nor Aether Forge Studios has made any public statements.
It’s worth noting that Chemia was listed under Steam's Early Access program—a segment known for its relaxed security policies. Games in this category aren’t fully vetted, which opens the door to incidents like this one.
While Chemia wasn’t a blockchain game, the crypto community should still pay attention. Many blockchain gaming platforms rely on early access or indie development paths, making them just as vulnerable to similar attacks.
A Pattern of Malware in Early Access Games
Unfortunately, Chemia isn’t the first Steam game to carry malware. Earlier this year:
- Sniper: Phantom’s Resolution was caught distributing malicious software.
- PirateFi, a web3-themed title, also contained malware targeting Windows systems.
All three titles were Early Access releases, and two out of the three included crypto or web3-related elements. This pattern suggests a growing trend: hackers are exploiting indie and blockchain gaming platforms to target digital asset holders.
The Bigger Picture Behind EncryptHub's Campaign
This isn’t EncryptHub’s first rodeo. In fact, Prodaft’s report links the group to a major phishing campaign last year that affected over 600 organizations globally. The attack vectors are almost identical—social engineering tactics, malware embedded in legitimate-looking apps, and data exfiltration via remote servers.
According to Prodaft, the Chemia campaign exploited users' trust in Steam, stating:
“The compromised executable appears legitimate to users downloading from Steam, creating an effective social engineering component that relies on platform trust.”
This strategy is disturbingly effective. When players see a game on a respected platform, they assume it’s safe. But in today’s digital world, trust isn’t enough.
The Growing Cost of Cybercrime in Gaming
Cyberattacks like this aren’t just annoying—they’re expensive and widespread. According to Statista, malware infections have increased by 87% over the past decade. Cybersecurity Ventures predicts global cybercrime damages will hit $10.5 trillion by 2025, compared to just $3 trillion in 2015.
Gaming platforms with massive user bases, like Steam, are prime targets. And the rise of blockchain games, where players often store valuable digital assets like NFTs or tokens, makes the space even more attractive for cybercriminals.
What Can Players Do to Protect Themselves?
If you downloaded Chemia before it was removed, your system might still be at risk. Here are a few important steps to take:
- Run a deep antivirus scan with updated threat definitions.
- Change your crypto wallet passwords, and check for unusual transactions.
- Clear your browser cookies and stored credentials.
- Avoid re-downloading Chemia, even from unofficial sources.
- Follow security updates on Prodaft’s GitHub page (where malware indicators from this case have been published).
Will Steam and Developers Step Up?
So far, Valve and Aether Forge Studios remain silent. No formal statements have been made, and no clarification on how EncryptHub accessed the game files has been provided. Some experts speculate an insider may have helped, but it’s still unconfirmed.
Until there’s transparency from both Steam and the developer, users should be cautious of other Early Access titles—especially those that haven't built reputations or come from unknown publishers.
Final Thoughts
This incident is a stark reminder that as blockchain games and digital assets become more valuable, so does the incentive to exploit them. Whether you're playing a traditional Steam game or a web3-powered title, security should always come first.
In a world where trust can be manipulated and malware can wear the mask of entertainment, staying informed is your best defense.








