If you’ve downloaded any free-to-play or early access games on Steam in the last two years, the FBI has a question for you: did you install any of these?

  • BlockBlasters
  • Chemia
  • Dashverse / DashFPS
  • Lampy
  • Lunara
  • PirateFi
  • Tokenova

If any of those names ring a bell, your computer may have been compromised — and the FBI wants to hear from you.

On March 12, 2026, the FBI’s Seattle Division published a notice seeking victims of a malware campaign that used Steam — the world’s largest PC gaming platform with over 120 million monthly active users — as a distribution platform for information-stealing malware. The threat actor was active between May 2024 and January 2026, hiding malware inside games that looked completely legitimate.

Let’s break down what happened, how it worked, and what you should do if you think you might be affected.

What Happened?

A threat actor (or group) uploaded at least eight games to Valve’s Steam platform. These games looked like normal indie titles — a 2D platformer, a survival crafting game, a sci-fi shooter. They had store pages, screenshots, and descriptions just like any other Steam game.

But hidden inside the game files was malware — specifically, information stealers designed to silently harvest:

  • 🔑 Passwords saved in your browser
  • 🍪 Browser cookies (which can be used to hijack your logged-in sessions)
  • 💰 Cryptocurrency wallet data (private keys, seed phrases, wallet files)
  • 📋 Clipboard data (to intercept copied crypto addresses)
  • 🎮 Steam credentials and session tokens

The malware ran in the background while you played the game. You wouldn’t notice anything unusual — the game worked fine. Meanwhile, your most sensitive data was being exfiltrated to the attacker’s servers.

The Known Malicious Games

Here’s what we know about each game:

BlockBlasters

A free-to-play 2D platformer that was on Steam from July to September 2024. This was one of the most damaging — a video game streamer named Raivo Plavnieks (RastalandTV) downloaded it during a charity livestream raising money for cancer treatment and lost over $32,000 from his cryptocurrency wallet.

Blockchain investigator ZachXBT later estimated that attackers stole roughly $150,000 from 261 Steam accounts. Cybersecurity researcher VX-Underground put the victim count even higher at 478 confirmed victims.

The nasty twist: BlockBlasters was initially uploaded as a clean program. The malware was added later through an update, bypassing Steam’s initial review.

Chemia

A survival crafting game created by a threat actor known as EncryptHub (who has been linked to breaches at 618 organizations). Chemia contained HijackLoader malware, which downloaded the Vidar information stealer and EncryptHub’s custom Fickle Stealer malware.

PirateFi

A pirate-themed game that was available on Steam for about one week in February 2025 before being removed. Despite the short window, up to 1,500 users may have downloaded it. It also distributed the Vidar infostealer.

Steam actually sent warnings to players who launched PirateFi, advising them to run antivirus scans and “consider reinstalling their operating system.”

Dashverse / DashFPS, Lampy, Lunara, Tokenova

Less is publicly known about these titles, but they’re part of the same FBI investigation. The FBI believes they were created by the same threat actor or group.

How Did Malware Get on Steam?

This is the question every gamer is asking. Steam is supposed to be safe, right?

The reality is more nuanced:

  1. Steam’s review process isn’t antivirus. Valve reviews games for content policy violations, store page accuracy, and basic functionality — not for deeply hidden malware that activates after installation.

  2. Post-release updates can add malware. A game can pass initial review clean, then push a malicious update later. This is exactly what happened with BlockBlasters.

  3. Free-to-play and early access lower the barrier. These games don’t require purchase, making them easy to distribute widely. “It’s free, why not try it?” is exactly the thinking attackers exploit.

  4. Small indie games get less scrutiny. A game from a major publisher gets intensive review. A free indie game from an unknown developer? Much less so.

What the FBI Is Looking For

The FBI’s questionnaire focuses on:

  • Cryptocurrency theft: Were coins stolen from your wallets after installing these games?
  • Account hijacking: Were your accounts (Steam, email, social media, banking) compromised?
  • Communications with promoters: Did anyone in Discord, Reddit, or social media recommend these games to you? The FBI wants screenshots of those conversations.

The FBI emphasizes that all victim identities will be kept confidential. They’re trying to:

  1. Track the stolen cryptocurrency through blockchain analysis
  2. Identify the individuals behind the malware distribution
  3. Build a federal case for prosecution

If you were affected, contact: Steam_Malware@fbi.gov

How to Check If You’re Affected

Step 1: Check Your Steam Library History

Go to your Steam account → Purchase History, or search your email for receipts from any of the eight games listed above. Even if you uninstalled a game, it may appear in your history.

You can also check SteamDB or your Steam profile’s “recently played” section for games that have been removed from the store.

Step 2: Run a Full Malware Scan

If you installed any of these games (or honestly, any suspicious free games), run a thorough scan:

  • Windows Defender (built-in, run a Full Scan, not Quick Scan)
  • Malwarebytes (free version does on-demand scans)
  • HitmanPro or ESET Online Scanner for a second opinion

The specific malware families to look for are Vidar, Fickle Stealer, and HijackLoader.

Step 3: Change Your Passwords

If you had a browser with saved passwords on the same machine where you installed one of these games, assume those passwords are compromised. Change them — starting with:

  1. Email accounts
  2. Banking and financial services
  3. Cryptocurrency exchanges and wallets
  4. Steam and other gaming platforms
  5. Social media accounts

Use a password manager (Bitwarden, 1Password, KeePass) and enable two-factor authentication everywhere you can.

Step 4: Check Your Crypto Wallets

If you use cryptocurrency:

  • Check transaction history for unauthorized transfers
  • Move remaining funds to a new wallet with a freshly generated seed phrase
  • Never reuse the compromised wallet’s seed phrase or private keys

Step 5: Consider a Clean Install

Steam’s own warning to PirateFi players suggested reinstalling your operating system. This is extreme but not unreasonable — information stealers can leave persistent backdoors, modify system files, and install secondary malware that survives standard antivirus scans.

If you had significant cryptocurrency holdings on an affected machine, a clean OS install is the safest path.

How to Stay Safe Going Forward

Be Skeptical of Free Games from Unknown Developers

If a game has:

  • Very few reviews
  • A brand new developer with no track record
  • Promises that seem too good for a free game
  • Aggressive promotion on Discord or Reddit by new accounts

…approach with caution. Check the developer’s history, read community discussions, and wait a few weeks after release before installing.

Don’t Store Crypto Wallets on Your Gaming PC

This is the biggest lesson from the BlockBlasters incident. If you trade cryptocurrency, use a hardware wallet (Ledger, Trezor) and keep your hot wallet on a separate device from where you install random games.

Keep Your Browser Clean

Don’t save passwords in your browser — use a dedicated password manager instead. Browser-saved passwords are the easiest target for information stealers.

Monitor Your Accounts

Set up alerts for:

  • New logins on your email and banking accounts
  • Cryptocurrency transactions on your wallets
  • Steam guard notifications for new device logins

The Bigger Problem: Gaming Platform Security

This incident highlights a broader issue in gaming security. Steam processes over 100 million monthly active users and hosts tens of thousands of games. The platform’s openness — which makes it great for indie developers — also makes it a potential distribution vector for malware.

Valve has taken steps to improve security, including requiring SMS verification for developers and implementing automated scanning. But as these eight games demonstrate, determined attackers can still slip through.

The FBI’s investigation may lead to arrests and prosecution, but the underlying challenge remains: how do you balance an open platform with security when threat actors are willing to build entire fake games just to distribute malware?

For now, the best defense is awareness. Know the risks, verify before you install, and keep your most sensitive data — especially cryptocurrency keys — far away from your gaming machine.