The transformation began in early May, when the original Rodent Race store page was abruptly overwritten with new branding, screenshots, and a new title: Beyond The Dark. SteamDB logs confirm that the game’s metadata—name, description, assets—was completely replaced, suggesting either a compromised developer account or an intentional takeover by a malicious actor.
The new version of the game contained a hidden payload inside UnityPlayer.dll. According to malware analysts and YouTuber Eric Parker—who detonated the game inside a virtual machine—the file acted as a dropper, pulling additional malware from a command‑and‑control server based on what crypto‑related software it detected on the victim’s machine.
Once installed, the malware scanned for:
- Cryptocurrency wallet browser extensions (e.g., MetaMask)
- Stored browser credentials
- Passwords and autofill data
- Any crypto‑related files or login sessions
It then transmitted the stolen data to remote servers, enabling attackers to drain wallets silently.
🎭 How the Hijack Worked
What makes this case especially alarming is the method:
- No new game submission occurred.
- No fresh developer account was created.
- No new reviews or history needed to be built.
Instead, the attacker repurposed an existing, low‑visibility title—one that had previously peaked at only a single concurrent player. After the rebrand to Beyond The Dark, that number rose to five, boosted by a suspicious wave of positive reviews between May 7 and May 18.
Steam’s patch‑verification process does not deeply inspect every update, allowing the malicious build to go live without triggering automated alarms. The store page even retained the original developer’s AI‑generated art disclosure, further masking the takeover.
🛑 Valve Steps In — But Questions Remain
Once Parker’s investigation circulated online, players began leaving negative reviews warning others of the malware. Valve then removed Beyond The Dark from Steam entirely. Visiting the page now shows a standard delisting notice.
While Valve acted quickly after the public warning, the incident highlights a growing pattern: malicious actors exploiting Steam’s trust system by injecting malware into updates of previously safe games. Similar attacks in 2025 involved titles like BlockBlasters, Chemia, and Sniper: Phantom’s Resolution, some of which stole over $150,000 in crypto before being caught.
🧨 Why This Attack Is Different
Unlike previous crypto‑drainer cases—where attackers uploaded entirely new games—this hijack weaponized Steam’s existing legitimacy:
- The game already had a verified store presence.
- It had a history of benign updates.
- It had no red flags for new players.
This made the malware far harder to detect and far more likely to be trusted by unsuspecting users.
🔐 What Affected Players Should Do
Anyone who downloaded or launched Beyond The Dark should immediately:
- Delete the game completely
- Run multiple antivirus scans
- Change all passwords, especially Steam and email
- Check crypto wallets for unauthorized activity
- Move remaining crypto funds to a fresh wallet on a clean device
Even if the game crashed on launch—as many reported—the malware continued running in the background.
🧭 The Bigger Picture: Steam’s Security Challenge
This incident underscores a systemic issue: Steam’s scale makes it difficult to manually vet every update, and attackers are now exploiting that gap with increasing sophistication. The hijacking of Rodent Race shows that even dormant or obscure titles can be weaponized without warning.
For players, the takeaway is sobering:
A game’s history on Steam is no longer a guarantee of safety.
