The FBI's Seattle Division is seeking to identify potential victims who installed Steam games embedded with malware, with the agency believing the threat actor primarily targeted users between May 2024 and January 2026.
The agency has publicly identified seven games as the focal point of the investigation. The list includes Chemia, Dashverse / DashFPS, Lampy, Lunara, PirateFi, Tokenova, and BlockBasters. Victims of these malware-embedded titles will help with the investigation and be kept completely confidential.
The technical assault was simple in its deception. The games served as a sort of Trojan horse, tricking gamers to install malware on their computers. Multiple malicious games discovered on Steam over the past two years have distributed information-stealing malware designed to harvest credentials, cryptocurrency wallets, and other sensitive data from players' devices. In some cases, the malware was embedded from the start; in others, it arrived through suspicious updates.
BlockBlasters, a free-to-play 2D platformer available on Steam from July to September 2024, initially appeared as a clean program before cryptodrainer malware was later added to the game. The consequences were severe. The malware was discovered during a livestream by video game streamer Raivo Plavnieks, who was raising money for cancer treatment, with blockchain investigator ZachXBT later estimating that attackers stole roughly $150,000 from 261 Steam accounts.
The broader scope of the attack extends beyond cryptocurrency theft. In the malicious Chemia survival crafting game, a threat actor known as EncryptHub added the HijackLoader malware, which downloaded the Vidar information stealer, and also installed EncryptHub's custom Fickle Stealer malware, which steals credentials, browser data, cookies, and cryptocurrency wallets. In one case, the malware stole a Microsoft account, blocked Microsoft support from the associated emails, and sent scam links to the targeted users' contacts.
The attack on PirateFi illustrates the speed at which Valve can respond once a threat is detected. The PirateFi game distributed the Vidar infostealer and was available on Steam for about a week in February 2025, with up to 1,500 users potentially having downloaded the game before it was removed from Steam.
Platform challenges and accountability
The incident raises uncomfortable questions about platform oversight. Valve has generally been quick to delist Steam games that disguise malware following complaints, but has faced criticism for failing to vet nefarious titles before they appear in the store. Adding to the problem, it's relatively inexpensive to publish a game on the marketplace, and the company's moderation teams have struggled to keep up with a growing surge of new submissions.
According to the FBI, identifying victims is an important part of federal cybercrime investigations because it allows authorities to determine the scope of the attack and potentially recover losses for those affected. Malware disguised as games can be especially dangerous because users often trust the platform and may not suspect that a downloaded title could contain harmful code, and once installed, these programs can steal sensitive data such as login credentials, cryptocurrency wallet information, and personal files.
How victims can report
Affected users can fill out the "Seeking Victim Information" form on the FBI's website if they've been affected, or send an email to Steam_Malware@fbi.gov if they know someone else who was targeted by these fake, malicious Steam games. The process is entirely voluntary, but if you choose to step up, you might be followed up with later based on your responses.
The FBI is asking victims of the malware scam to provide information about their engagement with the games, including how they discovered the games, who told them about the games, and the amount of money stolen. The FBI also confirmed that the agency may ask some affected victims to give additional information as part of its investigation.
The FBI has clarified that the investigation is not aimed at shutting down Valve or Steam itself. Instead, the games are believed to be just one branch of a criminal network that may involve developers, affiliates, and service providers working together.