Cyber threat intelligence firm Prodaft discovered that “Chemia,” a survival crafting game previously available through Steam’s Early Access program, contained three strains of malware including Fickle Stealer, Vidar Stealer, and HijackLoader. The game, developed by the otherwise non-existent Aether Forge Studios, required users to request playtest access and was designed to steal cryptocurrency wallet data, browser information, passwords, and deploy additional malware. Steam removed the game on July 25, two days after Prodaft’s findings were published, highlighting the risk of downloading software from unknown developers even on trusted platforms. Prodaft linked the malicious game to the EncryptHub group, which has been conducting sophisticated spear-phishing attacks since June 2024, and shared indicators of compromise on GitHub.