The FBI’s Divisão of Seattle has opened a formal investigation to identify victims of games published on the Steam platform that contained embedded malware. The investigation covers the period from May 2024 to January 2026 and focuses on seven specific titles removed from the store after malicious code was detected. Usuários who installed these games may have suffered theft of personal data, credentials or even financial losses, and the agency requests that they contact us confidentially to assist in the investigation.
Authorities believe that the same threat actor was responsible for publishing these games, which appeared to be legitimate independent productions, such as first-person shooters or early access titles. The malware worked covertly, often after installation, to collect sensitive information from victims’ computers.
Details of the federal investigation
The FBI released a public alert in March 2026 asking for collaboration from possible victims. The agency highlighted that victims may be entitled to support services, restitution and protections under US federal and state laws.
Investigators are looking for details about how users discovered the games, any indications received and losses observed. The identity of those involved remains protected during the process.
Games identified in the investigation
Seven specific titles are at the center of the investigation, all of which were removed from Steam following reports and security reviews:
- BlockBlasters
- Chemistry
- Dashverse/DashFPS
- Lampy
- Lunara
- PirateFi
- Tokenova
These games were published over almost two years and had features that disguised the presence of malware, like common mechanics in indie games.
Highlighted cases of impact
One of the most notorious games was BlockBlasters, which in a previous incident diverted donations intended for medical treatment from a well-known streamer, totaling a significant amount in financial resources. Outros securities compromised user accounts and digital wallets associated with cryptocurrencies.
Infections mainly occurred through malicious updates or direct execution of the game executable. Especialistas in cybersecurity confirmed that the code stole login information, bank details and authentication keys.
Recommended protective measures
Users should check their libraries at Steam and uninstall any suspicious titles identified by the investigation. Atualizações antivirus and full system scans are indicated immediately after removal.
The Steam platform maintains a review process for new releases, but isolated cases show vulnerabilities in indie submissions. Jogadores need to prioritize reliable sources and avoid downloading games with few reviews or unknown developers.
Platform context and responses
Steam, operated by Valve, removed the questioned games as soon as security issues were identified. The company cooperates with authorities in cases of cyber threats, as practiced in previous incidents involving fraudulent mods or content.
The FBI emphasizes that only a small fraction of the thousands of games available on the store were affected. The investigation aims to map the reach of the responsible actor and prevent new similar publications.
Guidance for victims
Anyone who installed any of the games listed between May 2024 and January 2026 must report the case to the FBI through official channels. Contact allows access to specific guidance and possible inclusion in assistance programs.
Reports help to strengthen the evidence against the person responsible, with total confidentiality guaranteed during the investigative process.
The investigation reinforces the need for constant surveillance on digital content distribution platforms. Jogadores must maintain up-to-date systems and use robust security tools to minimize risks in online environments.
