The FBI's "Steam Malware Investigation" alert, which was made public on March 11, is asking those affected to come forward voluntarily, as federal investigators probe a cybercriminal suspected of distributing multiple malware-infected games on Valve's Steam platform.
The FBI believes the threat actor primarily targeted users between the timeframe of May 2024 and January 2026, with seven specific games identified: BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova. The games were removed from Valve's storefront earlier this year, but authorities continue investigating the scope of the operation.
BlockBlasters is the most notorious example, stealing $32,000 from streamer Raivo Plavnieks (RastalandTV) during a cancer fundraising stream on Twitch. Pretty much all of these games are crypto scams that drain your wallets once launched, with the malware harvesting browser cookies, Discord tokens, Steam credentials, cryptocurrency wallet seeds, or gaming marketplace logins.
Victims may be eligible for certain services, restitution, and rights under federal and/or state law, with all identities kept confidential. Potential victims can fill out the "Seeking Victim Information" form on the FBI's website or send details to Steam_Malware@fbi.gov.
Steam has recorded more than 34 million concurrent users in recent years, meaning even small malware campaigns can translate to tens of thousands of compromised machines. The investigation highlights ongoing challenges in policing one of the world's largest gaming platforms.
