FBI probes malware campaign hiding inside Steam PC games
U.S. federal investigators are examining a malware operation that quietly spread through several titles on Steam, the dominant PC gaming platform run by Valve. According to a public notice from the Federal Bureau of Investigation, attackers used seemingly legitimate games to deliver malicious software to unsuspecting players – and the agency now wants to hear from anyone who may have been affected.
What the FBI has revealed so far
The FBI says it believes a single threat actor, or a closely coordinated group, used multiple Steam-hosted games to infect users’ computers over an extended period.
“The FBI believes the threat actor primarily targeted users between the timeframe of May 2024 and January 2026,” the agency stated, indicating that the campaign may have been active for more than a year and a half before being fully exposed.
The games currently named in the investigation include:
– BlockBlasters
– Chemia
– Dashverse
– DashFPS
– Lampy
– Lunara
– PirateFi
– Tokenova
All of these titles were available through Steam at some point, and at least some of them were actively promoted as regular indie releases before red flags emerged.
Games pulled from Steam after malware discovery
Concerns about malicious content on Steam first turned into action last summer, when several titles – notably Chemia and PirateFi – were removed from the platform after investigators and security researchers found they were distributing malware.
Once the problem became public, Valve delisted those games. However, the FBI’s new call for potential victims suggests that the scope of the campaign was broader than initially assumed and may involve more than the first batch of removed titles.
Why this matters: Steam’s massive reach
Steam is not a niche storefront. It is one of the largest digital distribution platforms for PC games in the world, making any successful malware campaign on the service particularly dangerous.
By 2025, Steam had surpassed:
– 132 million monthly active users
– More than 117,000 games available on the platform
That enormous catalog and user base make Steam a prime target: a single compromised title can reach thousands of players quickly, especially if it appears in recommendation feeds or gains traction from reviews and streams.
How malware can hide in games
Malware embedded in games can take several forms, and the danger is not limited to obvious “cracked” or pirated copies. In cases like this, users downloaded what they believed were legitimate products directly from an official storefront.
Attackers may:
– Insert malicious code directly into game executables
– Use game launchers or updaters to pull down additional payloads after installation
– Hide malware in third-party libraries or modified assets (such as DLL files)
– Exploit auto-update features to push an infected version after a clean initial release
Because many gamers consciously whitelist their game folders in antivirus tools to improve performance, malicious files in those directories may be less likely to trigger warnings once installed.
Possible goals of the attackers
While the FBI has not publicly detailed the exact malware strain or its capabilities, such campaigns typically aim to:
– Steal passwords and session tokens (for gaming, email, crypto exchanges, payment services)
– Harvest stored browser credentials and autofill data
– Install keyloggers to record keystrokes and capture login details
– Deploy remote access tools that give attackers control of the system
– Covertly mine cryptocurrency using the victim’s CPU or GPU
– Build a botnet for future attacks, spam, or distributed denial-of-service operations
Games with crypto-themed names such as PirateFi and Tokenova raise additional questions about whether digital assets or wallets were a specific target for some victims.
Who may be at risk
Anyone who downloaded or played the titles listed by the FBI between May 2024 and January 2026 should treat their system as potentially compromised, even if nothing obvious appears wrong.
Risk is higher if:
– The games were installed and run for an extended period
– The user disabled or relaxed antivirus protections for their Steam library
– The PC was also used for work, online banking, investing, or managing cryptocurrency
– The same machine stored passwords or login credentials in browsers or password managers without additional security layers
Because many forms of malware run silently, an infected system may show no visible problems while attackers quietly siphon off data in the background.
What affected users should do
If you suspect you may have installed one of the flagged games, several immediate steps are recommended:
1. Disconnect and scan
– Temporarily disconnect from the internet (especially if you store sensitive data or crypto on the device).
– Run a full system scan using reputable antivirus or anti-malware tools. Consider scanning from a trusted rescue disk or a separate bootable environment.
2. Remove suspicious software
– Uninstall BlockBlasters, Chemia, Dashverse, DashFPS, Lampy, Lunara, PirateFi, and Tokenova if you have any of them.
– Manually check your Steam library folders for leftover files related to these titles and remove them.
3. Change passwords and secure accounts
– Change the passwords for your Steam account, email accounts, and any financial or crypto-related services you use.
– Enable multi-factor authentication everywhere it is available, especially for Steam, email, and banking.
4. Monitor for unusual activity
– Check for strange logins, new devices, or password-reset attempts on your accounts.
– Review transaction history for banks, payment apps, and crypto wallets for unauthorized operations.
5. Consider a clean reinstall
– In severe cases, or if scans repeatedly find threats, backing up essential files and performing a clean reinstall of your operating system may be the safest solution.
The FBI has encouraged victims and anyone with information about the distribution of these malicious games to come forward, as additional technical details could help map the full infrastructure behind the campaign.
What this incident exposes about platform trust
The situation underscores a growing security dilemma: users reasonably assume that software purchased from a major, curated platform is safe. Yet as the Steam ecosystem has ballooned, it has become harder to rigorously check every new or updated game without slowing down releases.
This opens the door to:
– Malicious actors posing as small or indie developers
– Legitimate developers having their accounts compromised and their games altered
– Updates being weaponized after an initially clean launch
Even with automated scanning and manual reviews, sophisticated malware can slip through, especially if it is obfuscated or only delivered under specific conditions (for instance, only to users in certain regions).
How Valve and other platforms may respond
While Valve has already removed some of the identified games, the FBI’s involvement will likely push for broader changes behind the scenes. Platforms of this scale often respond to such incidents by:
– Tightening developer onboarding and identity verification
– Implementing more advanced automated malware scanning and behavioral analysis
– Increasing scrutiny of updates pushed by lesser-known developers
– Using telemetry to detect suspicious behavior from installed games (for example, unusual network connections or access to sensitive system areas)
These steps, however, must be balanced against developer convenience and performance considerations, which is why implementation can be slow and incremental.
How gamers can reduce their risk in the future
Even if the platform improves its defenses, individual users remain the last line of protection. Practical measures for safer gaming include:
– Be cautious with obscure titles: Treat unknown games with few reviews and minimal history more skeptically, especially if they promise unrealistic rewards or tie into crypto or “play-to-earn” schemes.
– Avoid disabling security entirely: Instead of fully turning off antivirus for gaming, configure exceptions sparingly and only when necessary for trusted games.
– Watch for odd behavior: Fans spinning at full speed for no obvious reason, unexplained CPU/GPU spikes, sudden slowdowns, or unfamiliar processes running in Task Manager can be warning signs.
– Separate machines for critical tasks: If possible, don’t manage large sums of money or critical business systems on the same PC where you constantly test new or fringe games.
– Regular backups and updates: Keep your operating system, drivers, and security tools updated, and maintain backups so you can recover cleanly if something goes wrong.
A turning point for PC game security
The FBI’s investigation into malware-laced Steam games highlights how the line between “entertainment software” and “high-value attack vector” has largely disappeared. Where attackers once focused primarily on enterprise targets, the combination of gaming, digital payments, and crypto has turned everyday players into lucrative victims.
As the probe continues, more names may be added to the list of compromised titles, and platform security policies may evolve. For now, anyone who installed BlockBlasters, Chemia, Dashverse, DashFPS, Lampy, Lunara, PirateFi, or Tokenova in the period between May 2024 and January 2026 should treat the incident seriously, assume their system could have been affected, and take concrete steps to secure their devices and accounts.