FBI Issues Warning on Malicious Steam Games Used for Cryptocurrency Theft

CyberSecureFox 🦊

The U.S. Federal Bureau of Investigation is calling on Steam users worldwide to come forward if they installed a set of malicious games between May 2024 and January 2026. These titles, distributed through the Steam platform, allegedly contained hidden malware used to steal cryptocurrency, browser data, and online accounts, including Steam profiles.

FBI requests information from victims of malicious Steam games

The Seattle field office of the FBI has published a dedicated bulletin naming several Steam games linked to malware distribution. According to the notice, the following titles are of interest to investigators: BlockBlasters, Chemia, Dashverse (DashFPS), Lampy, Lunara, PirateFi, and Tokenova. Although presented as legitimate indie games, they are believed to have included components designed to infect players’ systems.

The FBI is asking anyone who installed or ran these games to complete a special questionnaire. The form focuses on suspicious cryptocurrency transactions, compromised login credentials, hijacked accounts, and stolen funds. Victims are encouraged to submit screenshots and logs of conversations with individuals or communities that promoted these games. Such data can help investigators trace stolen crypto assets across blockchains and identify the operators behind the campaign.

Legal status of victims and data confidentiality

The bulletin stresses that the FBI is legally required to identify victims of federal crimes under investigation. Recognized victims may be eligible for specific services, potential restitution, and protective measures under U.S. federal or state law, depending on the circumstances of the case.

The agency also emphasizes that all personal information submitted by victims will be handled confidentially and will not be made public. This assurance is significant, as many users impacted by crypto theft or Steam account compromise are often reluctant to report incidents, especially when substantial financial losses are involved.

How malicious Steam games deliver infostealers

The incident fits a broader pattern observed in recent years, where malicious games on Steam and other platforms are used as delivery vehicles for so‑called infostealers. An infostealer is a type of malware that silently harvests sensitive information from an infected device, including usernames and passwords, browser cookies, session tokens, messenger data, and cryptocurrency wallet information.

Once installed, an infostealer typically exfiltrates the collected data to servers controlled by cybercriminals. The stolen information is then used to take over Steam accounts, email inboxes, cryptocurrency wallets, and exchange accounts. For gamers, this often results not only in the loss of game libraries and valuable skins, but also in direct financial damage when digital assets and crypto holdings are drained.

BlockBlasters: high‑profile theft of charity funds

One of the most prominent cases in this campaign involves BlockBlasters, a free 2D platformer that was available on Steam from July to September 2025. The game drew wide media attention after an incident involving streamer Raivo Plavnieks (RastalandTV), who was raising donations to fund treatment for stage‑four cancer. After he installed BlockBlasters, approximately $32,000 in donated funds was stolen from his accounts.

Blockchain analyst ZachXBT estimated that the overall damage from this operation reached around $150,000, affecting at least 261 Steam users. The VX‑Underground research community later suggested that the real number of victims could be as high as 478. Such discrepancies are common in cryptocurrency‑related crime, where many incidents are never formally reported or only partially documented.

Chemia, PirateFi and the Vidar / Fickle Stealer toolchain

In 2025, security researchers identified another malicious Steam game, Chemia. Its code reportedly contained the HijackLoader malware loader, deployed by a threat actor known as EncryptHub. HijackLoader then installed the well‑known Vidar infostealer, frequently used in credential theft campaigns.

Further analysis indicated that Chemia also delivered a custom infostealer dubbed Fickle Stealer, tailored to extract login credentials, cookies, browser data, and cryptocurrency wallet information. A similar approach was observed in PirateFi, another Steam game that distributed Vidar and remained live for roughly a week in February 2025. Up to 1,500 users are believed to have downloaded PirateFi before Valve removed it from the platform.

Following PirateFi’s removal, Valve reportedly notified players who had launched the game, warning that malicious software may have been executed on their systems. The company recommended a full antivirus scan, verification of installed software, and, where necessary, a complete operating system reinstallation to ensure full remediation.

Risks to gamers and practical cybersecurity measures

Attacks delivered via Steam and other gaming ecosystems are particularly dangerous because malicious components are disguised as legitimate entertainment content. Free indie titles, “NFT games,” and projects promising token rewards or rare skins are attractive vectors for spreading malware aimed at stealing cryptocurrency and digital assets.

Best practices to protect Steam and crypto accounts

To reduce the risk of infection and account compromise, users should adopt several basic cybersecurity practices:

Install games only from trusted developers and verified publishers. Review developer profiles, community feedback, and the game’s update history. Sudden changes in ownership or unusual updates can be warning signs.

Enable two‑factor authentication (2FA). Use 2FA for Steam, email accounts, and all cryptocurrency services. App‑based authenticators or hardware security keys are significantly more secure than SMS codes.

Keep operating systems and security tools up to date. Regularly update Windows, macOS, browsers, and antivirus solutions to close known vulnerabilities often abused by loaders and infostealers.

Separate gaming and high‑value crypto storage. Avoid storing substantial cryptocurrency holdings on the same machine used for casual gaming. Hardware wallets or dedicated offline devices drastically limit the impact of a single system compromise.

Users who may have installed any of the games listed by the FBI should immediately change all relevant passwords, review active sessions and connected devices, revoke suspicious access tokens, and run a comprehensive malware scan. If signs of compromise or unauthorized crypto transactions are found, contacting law enforcement and qualified incident response specialists can help contain the damage and support the broader investigation into attacks targeting the gaming community.
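To check whether one of the listed titles is still installed, the Steam library's app manifests can be compared against the names in the bulletin. The script below is an added example, not part of the FBI notice or any Valve tooling; it matches on title only, because the article gives no app IDs, and the sample manifests and their app IDs are constructed.

```python
import re
import tempfile
from pathlib import Path

# Titles named in the FBI bulletin, exactly as listed in the article.
FLAGGED = ["BlockBlasters", "Chemia", "Dashverse", "DashFPS",
           "Lampy", "Lunara", "PirateFi", "Tokenova"]
KV = re.compile(r'^\s*"([^"]+)"\s+"([^"]*)"\s*$')  # "key"   "value"

def norm(s):
    """Lowercase and drop punctuation/spaces so 'Pirate-Fi' == 'PirateFi'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def parse_manifest(text):
    """Top-level key/value pairs of a Steam appmanifest_<appid>.acf file."""
    fields, depth = {}, 0
    for line in text.splitlines():
        s = line.strip()
        if s == "{":
            depth += 1
        elif s == "}":
            depth -= 1
        elif depth == 1 and (m := KV.match(line)):
            fields[m.group(1).lower()] = m.group(2)
    return fields

def find_flagged(steamapps_dir):
    """Return (manifest file, appid, name) for each installed flagged title."""
    wanted = {norm(t) for t in FLAGGED}
    hits = []
    for path in sorted(Path(steamapps_dir).glob("appmanifest_*.acf")):
        f = parse_manifest(path.read_text(encoding="utf-8", errors="replace"))
        # Whole-name match on display name or install folder; substring
        # matching would flag unrelated titles such as "Alchemia".
        if {norm(f.get("name", "")), norm(f.get("installdir", ""))} & wanted:
            hits.append((path.name, f.get("appid", ""), f.get("name", "")))
    return hits

def demo():
    """Run the check over constructed manifests (app IDs are made up)."""
    sample = {"1000001": "PirateFi", "1000002": "Alchemia", "1000003": "Block Blasters"}
    with tempfile.TemporaryDirectory() as d:
        for appid, name in sample.items():
            body = (f'"AppState"\n{{\n\t"appid"\t\t"{appid}"\n\t"name"\t\t"{name}"\n'
                    f'\t"installdir"\t\t"{name}"\n\t"UserConfig"\n\t{{\n'
                    f'\t\t"name"\t\t"ignored"\n\t}}\n}}\n')
            Path(d, f"appmanifest_{appid}.acf").write_text(body, encoding="utf-8")
        return find_flagged(d)

if __name__ == "__main__":
    print(demo())
```

Point `find_flagged` at each library's `steamapps` folder (by default `C:\Program Files (x86)\Steam\steamapps` on Windows; extra libraries are listed in `libraryfolders.vdf`). Steam deletes the manifest on uninstall, so an empty result shows only that the title is not currently installed, not that it was never run.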
