FBI Warns of Malware Hidden in Steam Games
▼ Summary
– The FBI is investigating eight malicious games on Steam and is seeking information from affected users who installed them between May 2024 and January 2026.
– The malware in these games, including titles like BlockBlasters and Chemia, was designed to steal cryptocurrency, hijack accounts, and harvest sensitive data like credentials and wallets.
– One notable incident involved the game BlockBlasters, which led a streamer to lose over $32,000, with total estimated thefts reaching roughly $150,000 from hundreds of victims.
– The FBI’s victim questionnaire focuses on cryptocurrency theft and account compromises, and it requests details like transaction records and communications with game promoters.
– Steam has warned affected players about potential malware execution and advised them to run antivirus scans, review software, or consider reinstalling their operating systems.
The FBI is actively seeking information from gamers who may have installed malicious software hidden within specific titles on the popular Steam platform. This urgent request is part of a federal investigation into eight games that were uploaded containing malware, primarily targeting users between May 2024 and January 2026. The agency has identified the affected games as BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova. Individuals who installed these titles are encouraged to complete a confidential questionnaire to aid the investigation.
The focus of the inquiry appears to be on cryptocurrency theft and account hijacking resulting from the malware. The FBI’s form asks detailed questions about compromised accounts, stolen digital funds, and any suspicious cryptocurrency transactions. Investigators are also requesting screenshots of communications with individuals who promoted the games, which could help trace stolen assets back to the distributors. The agency emphasizes that all victim identities will remain confidential and that victims may be eligible for certain services or restitution under the law.
This situation highlights a persistent threat within digital gaming marketplaces. Over the past two years, several malicious games on Steam have been caught distributing information-stealing malware designed to harvest login credentials, cryptocurrency wallets, and other sensitive data from players’ computers. One prominent case involved the game BlockBlasters, a free 2D platformer available in mid-2024. Initially clean, a cryptodrainer was later added to the software.
The discovery of this threat gained widespread attention when video game streamer Raivo Plavnieks, known as RastalandTV, reported losing over $32,000 from his cryptocurrency wallet after downloading the verified Steam title during a charity livestream. Subsequent analysis by blockchain investigator ZachXBT estimated that attackers stole approximately $150,000 from hundreds of Steam accounts, with other researchers suggesting an even higher victim count.
Other titles on the FBI’s list employed similar tactics. The survival crafting game Chemia was found to contain HijackLoader malware, which downloaded the Vidar information stealer. It was later discovered the game also installed a custom malware called Fickle Stealer, designed to pilfer credentials, browser data, and digital wallets. The game PirateFi, available for about a week in early 2025, also distributed the Vidar infostealer and may have been downloaded by up to 1,500 users before its removal.
In response to these incidents, Steam has issued warnings to players who launched the malicious games, advising them that harmful files may have executed on their systems. The platform recommends users run comprehensive antivirus scans, carefully review installed software, and consider reinstalling their operating system as a precaution. The FBI continues to ask anyone with relevant information, or who knows someone potentially affected, to contact them directly at the official email address Steam_Malware@fbi.gov.
(Source: Bleeping Computer)
