Steam removes horror game after malware steals player data

A free horror game on Steam turned into a real-world cybersecurity threat after a gamer discovered malware hidden within it.

Valve has since removed Beyond The Dark from Steam, but anyone who downloaded the game should immediately scan their system, change passwords and monitor cryptocurrency wallets for suspicious activity.

YouTuber Eric Parker says it targets browser data, saved credentials, and crypto wallet extensions such as MetaMask. Even worse, the malware continued to run in the background even after the game failed to launch

Key takeaways

Valve removed Beyond The Dark after malware allegations surfaced.
The malicious payload allegedly stole passwords, browser data, and crypto wallet information.
Attackers reportedly hijacked an existing Steam game instead of publishing a new one.
The malware hid inside a modified UnityPlayer.dll file.
Anyone who installed the game should run antivirus scans and change passwords immediately.

Malware reportedly targeted crypto wallets and saved credentials

Users were quick to point out that the game originally existed on Steam under the name Rodent Race. A likely scenario is that the attackers hijacked the developer’s Steam account, renamed the game, replaced screenshots and pushed a malicious update.

The report also notes that the store page disclosed the use of AI-generated artwork that was later modified manually. Researchers suspect AI tools may have helped attackers quickly rebrand the hijacked title.

YouTuber Eric Parker investigated the game and published findings showing suspicious behavior linked to the file UnityPlayer.dll. The malware reportedly looked for browser-based cryptocurrency wallets, tried to steal saved browser credentials, connected to external servers to download additional tools and collected browser session information and wallet data.

This type of malware falls into a broader category known as “infostealers.” Cybercriminals increasingly distribute them through fake software installers, pirated applications, browser extensions and compromised gaming platforms.

How to stay safe when downloading games from Steam

While Steam remains relatively safe overall, this incident shows that no platform is immune to abuse.

Still, gamers should be careful when downloading new titles. They should check the publisher’s history, check the community, read the comments from other players, and use security solutions that can determine in real time if you’ve downloaded malicious code.

What players should do now

Anyone who downloaded or launched Beyond The Dark should treat the incident seriously and take the following steps:

Delete the game completely
Run a full anti-malware scan
Change passwords tied to browsers and gaming accounts
Review Steam account activity for suspicious logins
Move cryptocurrency funds to a new wallet if crypto extensions were installed
Enable multi-factor authentication wherever possible

FAQ

Was the game confirmed to contain malware?

According to reports, the game contained infostealer malware hidden inside a DLL file. Valve later removed it from Steam.

What could the malware steal?

The malware allegedly targeted browser data, saved passwords, session information, and crypto wallets like MetaMask.

What should players do if they have installed it?

Delete the game, run antivirus scans, change passwords, and monitor wallets and online accounts for suspicious activity.

Can malware appear on Steam?

Yes. While rare, attackers can abuse compromised developer accounts or malicious updates to distribute malware through trusted platforms.

Why are gamers targeted?

Gaming accounts often contain payment data, valuable digital items and access to cryptocurrency, making them attractive targets for cybercriminals.