In recent years, the Steam marketplace has been repeatedly compromised by titles discovered to be harboring malicious software. These programs were engineered to disrupt system operations or exfiltrate sensitive personal data. Following months of analysis, the Federal Bureau of Investigation (FBI) now suspects that these malware-laden games were not isolated incidents, but rather components of a much broader criminal enterprise.
The federal agency has established a specialized web portal to gather information regarding the Steam situation. Several titles, many tied to cryptocurrency fraud, have been identified as primary suspects, including BlockBlasters, Chemia, Dashverse, Lampy, Lunara, PirateFi, and Tokenova. Upon their initial release, these Trojan horses were indistinguishable from legitimate software, spanning various genres from platformers to first-person shooters. Typically, the malicious payloads were delivered via post-launch patches that appeared routine until scrutinized. In at least one documented case, an early access title coerced players into joining a playtest to inject the harmful software.
Valve has generally moved with haste to de-list these offending titles once their deceptive nature was exposed. For example, data from SteamDB indicates that BlockBlasters only ever reached a peak of seven concurrent players. Despite this narrow reach, the game was accused of siphoning $150,000 in cryptocurrency from a single victim. While such specific allegations remain difficult to independently verify, the scope of the FBI’s formal investigation suggests that the total damages or the underlying criminal network are significant.
“The actors behind these schemes operate in a complex ecosystem of developers, affiliates, and service providers who are all constantly modifying their tactics and techniques,” explains the FBI Cyber Division.
While the FBI has remained tight-lipped regarding the granular details of their findings, they have specified that the “primary threat actor” was most active on the platform between May 2024 and January 2026. The agency is currently soliciting information from the public and encouraging any affected users to assist with the ongoing inquiry.
“Based on the responses provided, you may be contacted by the FBI and asked to provide additional information,” the portal states. “All identities of victims will be kept confidential.”
Source: Polygon
