The FBI is investigating new malware threats circulating via PC games on Steam.
The agency’s Seattle division issued an alert and asked potential victims to contact the office. “If you and/or your minor dependent(s) were victimized from installing one of these games or have information relevant to this investigation, please fill out this short form,” it says.
A hacker mainly targeted Steam users between May 2024 and January 2026. “In the investigation, several games have been identified to include BlockBlasters, Chemia, Dashverse / DashFPS, Lampy, Lunara, PirateFi, and Tokenova,” the FBI says.
The listed games were previously found to contain malware. In February 2025, the free-to-play PirateFi launched in beta but was actually designed to steal browser cookies and hijack user accounts. In July 2025, a cybersecurity vendor flagged an upcoming game, Chemia, for updating itself to deliver malware. Then, in September, BlockBlasters was released on Steam, but it was actually a Trojan that drained an estimated $150,000 in cryptocurrency from victims.
The FBI’s alert also appears to warn about a new title, Lampy, that was previously unknown to host malware. The free-to-play game is currently available on Steam. But it’s not clear if the FBI alert meant to flag this game or a title with a similar name that’s already been removed.
Steam’s parent, Valve, which is based in Bellevue, Washington, didn’t immediately respond to a request for comment. But the company previously warned users who downloaded the affected games about the malware threat, including DashFPS. On forums, gamers also sounded the alarm about Lunara and Tokenova.
The FBI’s alert suggests it suspects the malware threats are tied to a single group or attacker. All the games are indie titles that most, if not all, PC users wouldn’t be aware of. So to entice users to download the games, victims have reported receiving messages on the messaging app Telegram with a free key to try out the titles, or even freelance job offers to help moderate the game. The BlockBlasters title was also promoted, with the attacker apparently messaging cryptocurrency holders to try it as a paid promotion.
About Our Expert
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
-
Grok, Is This True? Musk Says xAI Needs to Be ‘Rebuilt’ As Co-Founders Flee
-
Better Signal: 1,600 Starlink Satellites Move Into Lower Orbits
-
US Helps Shut Down Proxy Service Used to Hack Thousands of Routers
-
How Fast? SpaceX Partner Offers Details on Starlink Mobile’s Current Speeds
-
MacBook Neo Prompts Former Windows Chief to Revisit RT Failure
-
More from Michael Kan
