A malicious game distributed through Steam has been removed from Valve’s platform after users discovered it was secretly harvesting player data and communicating with remote command-and-control infrastructure.
The game, titled Beyond The Dark, masqueraded as a free indie horror title on Steam but allegedly contained malware that profiled infected systems and could potentially deploy additional payloads.
The discovery was first documented by YouTuber Eric Parker, who analyzed the game after receiving reports from users claiming the title was suspicious. According to Parker, the game appeared legitimate on the surface, with a Steam store page advertising a multiplayer survival-horror experience. However, deeper inspection revealed behavior inconsistent with normal game software.
Parker noted that the game had originally launched under a different name, Rodent Race, before being rapidly rebranded into Beyond The Dark in early May. SteamDB records reportedly showed extensive changes to the game’s metadata, artwork, and descriptions over a short period, suggesting the original listing may have been repurposed to bypass Steam’s review process.
During his analysis, Parker ran the game in an isolated virtual machine and monitored its activity using forensic and system-monitoring tools. While the title displayed a basic Unity-based interface and crude gameplay elements, Parker observed extensive outbound network traffic shortly after launch.
Further reverse engineering uncovered what Parker described as a malicious DLL embedded within the game files. The malware appeared capable of profiling infected systems, collecting MAC addresses, enumerating Chrome browser extensions, and communicating with a remote API server to receive follow-on instructions.
One of the more concerning discoveries involved the malware scanning installed browser extensions commonly associated with cryptocurrency wallets, including MetaMask. Parker explained that attackers likely targeted crypto users because browser wallet extensions are frequently used to manage digital assets and decentralized finance accounts.
The malware also appeared capable of downloading secondary payloads from its command-and-control server, depending on what it detected on the victim’s machine. Parker identified functionality allowing the server to deliver ZIP archives containing additional malware components.
Valve has not publicly commented on the incident as of the time of writing, but the game has since been removed from Steam’s catalog following reports from users and researchers. The case adds to a growing list of malware-related incidents involving Steam titles, including previous campaigns tied to games such as PirateFi, Block Blasters, and Sniper: Phantom’s Resolution.
CyberInsider
Steam remains the world’s largest PC gaming storefront, hosting tens of thousands of titles from major publishers and independent developers alike. While Valve reviews games before publication, several recent incidents suggest attackers are increasingly abusing post-approval updates to inject malicious code after passing initial checks.
Users who downloaded or launched Beyond The Dark are advised to immediately uninstall the game, run a full antivirus scan, revoke browser sessions, and change passwords associated with sensitive accounts, especially cryptocurrency wallets.
Also, be cautious with low-effort or AI-assisted “asset flip” games currently flooding digital storefronts. Parker described the title as a barely functional Unity project that appeared designed primarily as a malware delivery mechanism rather than a legitimate game.
Leave a Reply