The FBI is asking gamers who installed Steam titles containing malware to provide information as part of an ongoing investigation into eight malicious games uploaded to the gaming platform.
In a notice published today by the FBI’s Seattle Division, the agency said it is attempting to identify individuals who were affected after installing one of the malicious games on Steam between May 2024 and January 2026.
“The FBI’s Seattle Division is seeking to identify potential victims installing Steam games embedded with malware. The FBI believes the threat actor primarily targeted users between the timeframe of May 2024 and January 2026,” reads the notice.
“In the investigation, several games have been identified to include, BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova.”
“If you and/or your minor dependent(s) were victimized from installing one of these games or have information relevant to this investigation, please fill out this short form.”
The questionnaire indicates that the FBI is focused on cryptocurrency theft and account hijacks after the installation of the malware, asking questions about cryptocurrency transactions, compromised accounts, and stolen funds.
The form also asks for any screenshots of communications with individuals who promoted the games, which could help investigators track the stolen cryptocurrency and trace it to those who distributed the malware.
“The FBI is legally mandated to identify victims of federal crimes it investigates. Victims may be eligible for certain services, restitution, and rights under federal and/or state law. All identities of victims will be kept confidential,” the FBI told BleepingComputer.
“The website and email listed in the mass notifications sent on March 12, 2026, are official and authorized by the FBI. At this time, the FBI is unable to provide specific details beyond the information referenced on the website in the email notification to customers.”
The FBI is also asking anyone who knows someone who may have been affected to encourage them to submit an inquiry to Steam_Malware@fbi.gov.
BleepingComputer also sent questions to Valve about the investigation, but did not receive a reply to our email.
Multiple malicious games discovered on Steam over the past two years have distributed information-stealing malware designed to harvest credentials, cryptocurrency wallets, and other sensitive data from players’ devices.
One of the most notable cases involved BlockBlasters, a free-to-play 2D platformer available on Steam from July to September 2024. While initially uploaded to Steam as a clean program, cryptodrainer malware was later added to the game.
News that the Steam game was malicious was revealed during a livestream by video game streamer Raivo Plavnieks (RastalandTV), who was raising money for cancer treatment.
After downloading the verified Steam game, the streamer reported losing more than $32,000 from his cryptocurrency wallet.
Blockchain investigator ZachXBT later estimated that attackers stole roughly $150,000 from 261 Steam accounts. Cybersecurity researcher VX-Underground later reported a higher count of 478 victims.
In the malicious Chemia survival crafting game, a threat actor known as EncryptHub added the HijackLoader malware, which downloaded the Vidar information stealer. It was later discovered that the game also installed EncryptHub’s custom Fickle Stealer malware, which steals credentials, browser data, cookies, and cryptocurrency wallets.
The PirateFi game also distributed the Vidar infostealer and was available on Steam for about a week in February 2025. Up to 1,500 users may have downloaded the game before it was removed from Steam.
Steam later warned players who launched the game that malicious files may have been executed on their computers and advised them to run antivirus scans, review installed software, and consider reinstalling their operating system.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
