Valve pulled the free horror title Beyond The Dark from Steam after security researchers found it bundled malware that harvests personal data and cryptocurrency wallets. The game, originally released as Rodent Race, was hijacked when an attacker accessed the developer’s Steam account, swapped assets and store metadata, and republished the binary. The malicious code resides in a UnityPlayer.dll file.

YouTuber Eric Parker’s video showed the patched executable crashing on launch while the hidden payload continued running silently. Once active, the malware scans for browser extensions such as MetaMask, contacts external servers, and downloads additional tools capable of exfiltrating passwords, browser history, and wallet credentials. Because Steam does not fully verify every patch, the altered build slipped through without immediate detection.

Valve removed the title promptly, but users who installed it should delete the folder, run a full antivirus scan, change passwords, and move any crypto holdings to a fresh wallet on a separate device. This incident highlights the risks of unchecked updates on large distribution platforms and underscores the need for developers to secure their Steam accounts against unauthorized access.