The FBI is asking players who put in Steam titles containing malware to offer data as a part of an ongoing investigation into eight malicious video games uploaded to the gaming platform.
In a discover revealed at this time by the FBI’s Seattle Division, the company stated it’s making an attempt to determine people who have been affected after putting in one of many malicious video games on Steam between Might 2024 and January 2026.
“The FBI’s Seattle Division is looking for to determine potential victims putting in Steam video games embedded with malware. The FBI believes the menace actor primarily focused customers between the timeframe of Might 2024 and January 2026,” reads the discover.
“Within the investigation, a number of video games have been recognized to incorporate, BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova.”
“For those who and/or your minor dependent(s) have been victimized from putting in certainly one of these video games or have data related to this investigation, please fill out this brief type.”
The questionnaire signifies that the FBI is concentrated on cryptocurrency theft and account hijacks after the set up of the malware, asking questions on cryptocurrency transactions, compromised accounts, and stolen funds.
The shape additionally asks for any screenshots of communications with people who promoted the video games, which may assist investigators monitor the stolen cryptocurrency and hint it to those that distributed the malware.
“The FBI is legally mandated to determine victims of federal crimes it investigates. Victims could also be eligible for sure providers, restitution, and rights beneath federal and/or state regulation. All identities of victims will likely be saved confidential,” the FBI informed BleepingComputer.
“The web site and electronic mail listed within the mass notifications despatched on March 12, 2026, are official and licensed by the FBI. Right now, the FBI is unable to offer particular particulars past the data referenced on the web site within the electronic mail notification to clients.”
The FBI can be asking anybody who is aware of somebody who might have been affected to encourage them to submit an inquiry to Steam_Malware@fbi.gov.
BleepingComputer additionally despatched inquiries to Valve in regards to the investigation, however didn’t obtain a reply to our electronic mail.
Malware hidden in Steam video games
A number of malicious video games found on Steam over the previous two years have distributed information-stealing malware designed to reap credentials, cryptocurrency wallets, and different delicate information from gamers’ units.
One of many most notable instances concerned BlockBlasters, a free-to-play 2D platformer accessible on Steam from July to September 2024. Whereas initially uploaded to Steam as a clear program, cryptodrainer malware was later added to the sport.
Information that the Steam sport was malicious was revealed throughout a livestream by online game streamer Raivo Plavnieks (RastalandTV), who was elevating cash for most cancers therapy.
After downloading the verified Steam sport, the streamer reported shedding greater than $32,000 from his cryptocurrency pockets.
Blockchain investigator ZachXBT later estimated that attackers stole roughly $150,000 from 261 Steam accounts. Cybersecurity researcher VX-Underground later reported the next depend of 478 victims.
Within the malicious Chemia survival crafting sport, a menace actor often called EncryptHub added the HijackLoader malware, which downloaded the Vidar data stealer. It was later found that the sport additionally put in EncryptHub’s customized Fickle Stealer malware, which steals credentials, browser information, cookies, and cryptocurrency wallets.
The PirateFi sport additionally distributed the Vidar infostealer and was accessible on Steam for a couple of week in February 2025. As much as 1,500 customers might have downloaded the sport earlier than it was faraway from Steam.
Steam later warned gamers who launched the sport that malicious information might have been executed on their computer systems and suggested them to run antivirus scans, evaluate put in software program, and contemplate reinstalling their working system.
Malware is getting smarter. The Crimson Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 methods and see in case your safety stack is blinded.
