FBI Investigates Malware Found Lurking in Steam Games

The FBI Steam malware investigation is now public — and the bureau wants to hear from you. Federal agents confirmed Friday they are probing the distribution of malicious software through multiple games on Valve's Steam platform, asking gamers who downloaded any of the flagged titles between May 2024 and January 2026 to come forward. What the headlines are burying: this wasn't a gaming prank. These were crypto-targeting trojans dressed up as indie games.

Eight Games, One Coordinated Attack

The FBI named eight specific titles in its investigation: BlockBlasters, Chemia, Dashverse, DashFPS, Lampy, Lunara, PirateFi, and Tokenova. All were available through Steam, the dominant PC gaming storefront with over 132 million monthly active users and more than 117,000 games on the platform as of 2025. The games passed Steam's approval process — which tells you something about how sophisticated this operation was.

Steam operator Valve had already pulled several titles from its platform last summer after security researchers flagged them. Chemia and PirateFi were among the first removals, but the broader campaign — and its full victim count — remained murky until now. The FBI isn't clarifying numbers, but opening a public victim call strongly suggests they believe the damage is significant.

According to FBI is seeking victims of the Steam malware campaign, the bureau is legally mandated to identify anyone harmed during its federal investigations. Victims could be eligible for restitution and certain legal rights under both federal and state law. All identities, the agency says, will remain confidential.

The FBI believes the threat actor primarily targeted users between the timeframe of May 2024 and January 2026.

Was Your Crypto Wallet Drained?

That's the question nobody asking 'is this game safe to download?' was thinking about. But PirateFi — one of the most-studied titles in this cluster — was confirmed by Kaspersky to carry the Vidar infostealer, a strain specifically designed to harvest browser-stored credentials, session cookies, and cryptocurrency wallet data. Security researchers estimated PirateFi was removed from Steam after potentially 1,500 users were exposed before Valve acted.

Vidar doesn't just steal what's on screen. It pulls saved passwords, autofill data, and — critically for anyone running a software crypto wallet — the seed phrases and private keys stored locally. If your machine was running one of these games and you held crypto in a desktop wallet during that period, the math is not comforting.

Gaming Has Become a Crypto Theft Vector

This isn't a one-off. Gamers have been in the crosshairs of crypto-targeting malware for years, and the tactics keep getting sharper. Back in 2023, a fake Super Mario game circulated with malware bundled inside — capable of hijacking crypto wallets, scraping passwords, and silently installing crypto-mining software on infected machines. Nobody noticed until the damage was done.

Then in March 2024, cybersecurity firm VX Underground issued a warning about Call of Duty cheat software seeded with a Bitcoin wallet-draining trojan. The firm estimated multiple Steam games used to spread malware with the CoD attack alone potentially compromising more than 4.9 million gaming accounts across platforms. And in December 2024, Kaspersky identified a separate infostealer embedded in pirated mods for Roblox and similar titles.

The pattern is clear. Gamers — especially those drawn to free indie titles or third-party mods — have become a reliable attack surface. The Steam brand lends credibility. The approval process provides cover. And by the time anyone notices, the wallets are already empty.

What Valve Said — and Didn't

Valve did not respond to requests for comment on the FBI investigation. That silence is doing a lot of work. The company has 132 million monthly users depending on its approval process to screen for malicious software — and at least eight games slipped through, some remaining available for months. Steam's curation model has long been criticized for prioritizing volume over safety.

The FBI, for its part, cannot comment on specifics of the ongoing investigation. What it can do — and did — is ask victims to identify themselves before potential restitution windows close.