The FBI's Seattle Division is seeking to identify potential victims installing Steam games embedded with malware. The investigation centres on BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova, which were compromised during the timeframe of May 2024 and January 2026.
The scale of the problem reflects a systemic weakness in how gaming platforms manage security. These games secretly steal your data while seeming unsuspicious. More troublingly, in some cases, subsequent updates or patches introduce the malware, letting the base game pass Steam's checks. This means a game could pass Valve's initial vetting process only to become infected after release through seemingly routine updates that players install automatically.
The financial and personal consequences have been severe. BlockBasters exfiltrated $32,000 worth of cancer donations from a streamer last year. Beyond this high-profile case, pretty much all of these games are crypto scams that drain your wallets once launched. The malware targeting goes further still. The attackers were targeting data stored in browsers, including saved passwords, autofill info, cookies, and cryptowallet details.
The frequency of these thieving games has only gone up in the past few years despite Valve's efforts to regularly combat them. It's likely that the influx of new releases overpowers the vetting system, letting a few bad apples through. Steam processes thousands of new titles regularly, creating a situation where security gaps naturally emerge. The sheer volume appears to be outpacing Valve's ability to maintain consistent oversight.
For those affected, the FBI has made reporting straightforward. You can fill out the "Seeking Victim Information" form on the FBI's website if you've been affected. If you know someone else who was targeted by these fake, malicious Steam games, then send an email to Steam_Malware@fbi.gov. Victims of these malware-embedded titles will help with the investigation and be kept completely confidential.
The investigation underscores both the genuine appeal of gaming platforms and their vulnerability to exploitation. With Steam's huge userbase (over 100 million monthly active users), a compromised game can serve as a direct path for cybercriminals to get hold of valuable digital assets, direct financial information, and personal information. At stake is not merely entertainment, but the financial and digital security of millions of players.
Players concerned about whether they installed one of these titles should verify their systems have been scanned for malware and consider changing passwords on critical accounts, particularly those tied to financial services or cryptocurrency wallets. The FBI's involvement signals that federal authorities are taking these incidents seriously enough to pursue criminal charges against the developers responsible.