Valve pulls free Steam horror game Beyond the Dark after malware discovery

A rodent racing game turned into a data-stealing nightmare overnight.

Ophélie Castelot
Man investigating dark room with EMF meter
(Image via Beyond the Dark)
TL;DR
  • Valve removed free horror game Beyond The Dark from Steam after players found it contained data-stealing malware.
  • The game was originally called Rodent Race before a hijacked developer account was used to rebrand the listing and push a malicious update.
  • SteamDB shows the game peaked at just five concurrent players, but anyone who installed it should scan their PC and change important passwords.
Community Reactions
How do you feel about this story?
👍
0
👎
0
😂
0
😡
0
😢
0

Valve has yanked the free horror title Beyond The Dark from Steam after players discovered the game was packed with malware designed to steal user data. The wild part? The game wasn’t even supposed to be a horror title in the first place.

Beyond The Dark started life as a completely different game called Rodent Race. Someone allegedly hijacked the original developer’s Steam account, then used it to overhaul the entire store listing, swapping the name, screenshots, and page details to turn it into a spooky horror download.

Once the makeover was complete, the attacker pushed a malicious update through Steam’s normal patch system.

Steam reviews games when they first launch, but post-release patches face far less scrutiny. That gap is reportedly how the bad build made it to users without setting off alarms.

For anyone who already had the original game installed, Steam’s auto-update feature would have quietly delivered the infected version in the background.

The malware itself appears to be a dropper, meaning the initial file pulls down additional malicious code after it runs. Early technical breakdowns suggest the suspicious DLL loaded Unity components first, then scanned browser extensions, reportedly hunting for cryptocurrency wallet data and other browser-stored info.

Small game big warning

The damage was likely limited. SteamDB data shows the game peaked at just five concurrent players during the affected window, and Valve removed it roughly a week and a half after the malicious update went live. Total downloads are unknown, but exposure is believed to be small.

Valve hasn’t released a public statement on what happened, and it remains unclear whether affected users were directly notified, whether refunds or warnings were issued, or whether the original developer has regained control of their account.

Anyone who installed Beyond The Dark should uninstall it immediately and run a full antivirus scan. Changing passwords from a clean device, revoking active browser and Steam sessions, resetting two-factor authentication, and checking crypto wallet activity are all smart moves.

Related
Steam is developing a feature that shows estimated FPS before you buy a game

Browser extensions are worth a close look too, since that’s where the malware reportedly went snooping.

Explore More
Gaming
Meet the Editor
mm
Ophélie Castelot
Senior Editor
Stay ahead with the fastest news from Spilled. We use smart tech and our editors' know-how for quick and accurate stories. Spotted an error? Report it here.