Cybersecurity researchers from Cyderes' Howler Cell Threat Research Team have uncovered a sophisticated, ongoing stealer campaign that has infected over 400,000 victims worldwide since at least April 2025. The attack exploits pirated game installers for popular titles like Far Cry, Need for Speed, FIFA, and Assassin's Creed, distributed via cracking sites, luring users into executing malware disguised as legitimate software. At its core is the newly identified RenEngine Loader, hidden within a benign-looking Ren'Py game launcher, which decrypts and stages the next phase, handing off to an advanced variant of HijackLoader featuring novel anti-analysis modules such as ANTIVMGPU, ANTIVMHYPERVISORNAMES, and ANTIVMMACS. This dual-stage chain employs extensive evasion tactics, including DLL side-loading, module stomping, process doppelganging, and sandbox detection, to ultimately deploy the ACR stealer, which exfiltrates credentials, cryptocurrency wallets, and other sensitive data to attacker infrastructure. The campaign continues to rack up around 5,000 new infections daily, highlighting the persistent risks of downloading cracked software from untrusted sources.