The Federal Bureau of Investigation (FBI) is actively seeking victims who installed Steam games embedded with malware as part of an ongoing cybercrime investigation. According to a notice from the FBI’s Seattle Division, the malicious activity is believed to have targeted gamers between May 2024 and January 2026.
The investigation focuses on several games that were uploaded to the Steam marketplace and later discovered to contain malicious code designed to steal sensitive user data, including cryptocurrency wallets and gaming account credentials.
List of Malicious Steam Games Under Investigation
Authorities have identified multiple titles that were used as malware distribution vectors. The affected games include:
- BlockBlasters
- Chemia
- Dashverse / DashFPS
- Lampy
- Lunara
- PirateFi
- Tokenova
Gamers who downloaded or installed any of these titles during the identified timeframe are encouraged to report the incident to investigators. The FBI is specifically collecting information about compromised accounts, stolen cryptocurrency assets, and communications with individuals who promoted or distributed the malicious games.
The agency has stated that identifying victims is a legal requirement during federal criminal investigations and that victims may be eligible for restitution and other legal protections.
Focus on Cryptocurrency Theft and Account Compromise
The FBI’s victim reporting form highlights cryptocurrency theft as a key element of the investigation. Victims are asked to provide details about any suspicious cryptocurrency transactions, compromised accounts, or financial losses that occurred after installing the affected games.
Investigators are also requesting screenshots of conversations or promotional materials related to the games. This information could help trace the flow of stolen cryptocurrency and identify the threat actors responsible for distributing the malware.
Malware Hidden in Steam Game Installations
Over the past two years, several malicious games have appeared on Steam containing information-stealing malware. These campaigns often disguise malicious payloads within legitimate game files, allowing attackers to bypass initial platform moderation and security checks.
One of the most prominent cases involved the game BlockBlasters, a free-to-play 2D platformer available on Steam between July and September 2024. The title was initially uploaded as a clean application but was later modified to include cryptodrainer malware capable of stealing digital assets.
The attack gained public attention when video game streamer Raivo Plavnieks (known online as RastalandTV) revealed during a livestream that he had lost more than $32,000 in cryptocurrency after installing the game.
Blockchain investigator ZachXBT later estimated that attackers stole approximately $150,000 across 261 affected Steam accounts, while researchers from VX-Underground reported that the total number of victims may have reached 478.
Advanced Malware Used in Malicious Games
Other infected games contained sophisticated malware loaders and credential stealers.
The survival crafting game Chemia was found to deploy HijackLoader, which subsequently downloaded the Vidar information-stealing malware. Researchers later discovered an additional custom malware component known as Fickle Stealer, linked to a threat actor identified as EncryptHub. This malware targets browser credentials, cookies, saved passwords, and cryptocurrency wallet data.
Another malicious title, PirateFi, also distributed the Vidar infostealer. The game remained available on Steam for approximately one week in February 2025, during which time up to 1,500 users may have downloaded it before it was removed from the platform.
Platform Response and User Mitigation
Following the discovery of these threats, Steam issued warnings to players who had launched the infected games. Users were advised that malicious files may have been executed on their systems and were encouraged to perform comprehensive antivirus scans, review installed applications, and consider reinstalling their operating systems if compromise was suspected.
Although Valve, the developer of Steam, has taken steps to remove malicious titles and notify users, the incident highlights the growing use of gaming platforms as malware distribution channels.
Cybercriminals increasingly target gaming communities because of their large user bases, frequent downloads, and the presence of valuable digital assets such as cryptocurrency wallets and gaming accounts.
Security Best Practices for Gamers
To reduce the risk of malware infection through gaming platforms, users should follow several cybersecurity best practices:
- Verify the reputation and developer history of games before downloading.
- Monitor game updates for unusual permission requests or unexpected file changes.
- Use reputable antivirus and endpoint protection tools.
- Enable multi-factor authentication on gaming and cryptocurrency accounts.
- Avoid installing unofficial mods or third-party game installers.
These precautions are increasingly important as threat actors continue to exploit trusted platforms to distribute credential-stealing malware and financial theft tools.