The FBI is actively investigating a hacker who distributed multiple video games containing hidden malware through the Steam platform. This is the second known instance of such activity on the popular PC gaming marketplace, raising concerns about security vulnerabilities and potential widespread infections.
Malware-Infected Titles
The agency has identified at least seven games suspected of being developed by the same cybercriminal over the past two years:
- BlockBlasters
- Chemia
- Dashverse/DashFPS
- Lampy
- Lunara
- PirateFi
- Tokenova
These games, while functional, were designed to act as “Trojan horses,” tricking users into unknowingly installing malicious software on their computers. The FBI is now seeking potential victims to determine the extent of the damage.
Recurring Issue
This is not an isolated incident. Last year, similar malware-ridden games were discovered and removed from Steam, but not before infecting an unknown number of users. The method relies on exploiting Steam’s open platform policy, where anyone can upload and sell games with minimal vetting.
Why this matters: Steam is a dominant force in PC gaming, with millions of users. Such breaches undermine trust in the platform and expose gamers to serious security risks, including data theft, financial fraud, and remote control of infected devices. The fact that this has happened twice suggests vulnerabilities in Steam’s security measures need addressing.
Contacting the Investigators
The FBI is urging anyone who may have downloaded or played these games to come forward. Secure contact methods have been provided by TechCrunch, including Signal, Telegram, Keybase, and SecureDrop, for those wishing to report potential infections without compromising their devices.
Valve and the FBI have not yet issued official comments on the matter. The investigation is ongoing, and further details may emerge as the agency gathers more information.
The persistence of malware on Steam underscores the constant threat facing digital platforms, requiring both developers and users to remain vigilant against malicious actors.
