FBI Investigates Hacker Who Uploaded Malware-Laced Games to Steam

The FBI has opened an investigation into a developer suspected of publishing multiple malware-laced games on Steam and is actively asking potential victims to come forward.

“Steam has been the scene of a threat for months that many players were completely unaware of”

3DJuegos

Authorities have identified specific titles tied to the probe — including BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova — which appeared playable but are alleged to have delivered malicious code.

3DJuegos

The FBI’s Seattle Division believes these titles were published over roughly a two-year window and is soliciting reports from anyone who installed them.

Investigators and security researchers say attackers exploited Steam’s open publishing model and update mechanism to slip malicious payloads into otherwise functional games.

Tactics described by reporting include submitting a benign build to pass initial review, then pushing a post‑launch update that adds a malicious loader, bundling droppers inside Unity or Unreal executables, or using side‑loading and scripted installers.

Decrypt

Once executed, those payloads are reported to harvest browser cookies, Discord tokens, Steam credentials, cryptocurrency wallet seeds, and other sensitive data, and to establish persistence on infected machines.

The scale of Steam magnifies the threat: reporting cites monthly active-user figures ranging from more than 100 million to over 130 million, meaning even a tiny infection rate could translate into thousands of compromised machines.

“The Federal Bureau of Investigation (FBI) is investigating a series of malware-infected video games that appeared on the popular PC gaming platform Steam”

Digital Trends

Many of the flagged projects were small or lesser-known indie titles that nonetheless attracted enough downloads to cause tangible damage.

Notebookcheck and other outlets also note that the FBI’s Seattle Division identified multiple offender titles debuting between May 2024 and January 2026, suggesting a campaign that stretched across roughly two years.

Federal investigators have asked anyone who installed the identified games to report system and account activity through an FBI form so authorities can map command-and-control infrastructure and connect related incidents.

The bureau emphasized that identifying victims is part of its legal mandate and that victims may be eligible for services or restitution; some outlets note the agency says victim identities will be kept confidential.

FindArticles

Valve has posted communications on community channels asking users to assist with the investigation and in at least one case confirmed cooperation with law enforcement.

Valve has removed several of the implicated games and multiple outlets report the company is cooperating with law enforcement, but reporting highlights persistent questions about Steam’s vetting and update processes after similar incidents in prior years.

“The Federal Bureau of Investigation has announced that it is seeking information from victims who were potentially scammed by games “embedded with malware” on Steam over the past two years”

Kotaku

Journalists and security researchers point to past examples — including 2023 and 2024 cases in which games or related mods carried infostealers or crypto-stealing code — illustrating that malware in game downloads is a recurring problem rather than a single anomaly.

Kotaku