– Malware in Beyond The Dark exploited Steam’s update gaps by hijacking a developer account and replacing assets, using a legitimate Unity file to hide payloads.
– The attack illustrates a broader trend: malware embedded in Steam games is rising, often targeting crypto wallets and sensitive data.
– Immediate risk mitigation: delete the game, run full AV scans, change passwords (email, browsers, crypto), and transfer funds to a fresh wallet on a clean device.
Beyond The Dark, a free Steam game, was quietly stealing passwords, browser data, and cryptocurrency from players before Valve pulled it on May 19. But what makes this case important isn’t just the malware — it’s how it got there, and how common this practice has become on Steam.
Origins and deception
The game originally had nothing to do with horror. A malicious actor hijacked an existing Steam developer’s account — a simple title called Rodent Race — and replaced the name, screenshots, and game files entirely. They basically exploited Steam’s lack of update verification. The store page was a huge mess of contradictions: survival horror screenshots, but a description calling it a “turn-based strategy game inspired by chess.” All of it appeared to be hastily AI-generated assets.
Hidden payload and behavior
The payload was buried inside a file called UnityPlayer.dll — a legitimate Unity engine component — which made it easy to overlook. The game would often crash on launch, but the malware kept running in the background. It connected to a remote server and downloaded tools to steal passwords, browser data, and crypto wallet credentials.
Public exposure and action
YouTuber Eric Parker published a video breaking down the malware’s behavior, which prompted Valve to remove the game entirely.
Broader pattern and investigations
This isn’t a one-off. The FBI launched a formal investigation in March 2026 into multiple malware-embedded Steam games going back to 2024, naming titles including Chemia, PirateFi, Tokenova, BlockBasters, and others — most of them targeted crypto wallets, with one case exfiltrating $32,000 in cancer donations from a streamer (read more about that here). The frequency of these incidents has only increased despite Valve’s efforts, likely because the sheer volume of new releases overwhelms the vetting system. In some cases, malware is introduced via post-launch updates that bypass initial checks.
You should delete the game ASAP, run a full AV scan (Malwarebytes or Bitdefender), change passwords for email, browsers, and any crypto accounts, and move remaining wallet funds to a fresh wallet on a clean device.
Eric Parker – Youtube via @Pirat_Nation, Steam
Leave a Reply