Steam 8 games embedded with malware, FBI targets victims from 2024 to 2026

The FBI announced on March 14 that they are investigating the spread of malware through multiple PC games on Valve’s Steam platform and are publicly collecting information from potential victims. The FBI stated that the threat actors mainly targeted users who downloaded the affected games between May 2024 and January 2026. Victims may be eligible for compensation under federal and state laws.

FBI Investigation Overview: List of 8 Involved Games and Victim Reporting Mechanism

The FBI pointed out that the following 8 games are suspected of containing malware, appearing no different from regular games, and have all been approved on Steam:

· BlockBlasters
· Chemia
· Dashverse
· DashFPS
· Lampy
· Lunara
· PirateFi
· Tokenova

A FBI spokesperson told Decrypt, “The FBI is legally obligated to disclose the identities of victims involved in federal crimes, and victim identities will be kept confidential.” Games like Chemia and PirateFi were removed from Steam last summer after being found to contain malware. Valve has not responded to the investigation as of this report.

Steam’s Scale as an Attack Surface: Malware Masquerading as Normal Games

Steam is one of the world’s largest digital distribution platforms for PC games, with over 132 million monthly active users in 2025 and more than 117,000 games available. Its large user base and extensive game library make it a prime target for malicious actors.

The core tactic in this incident involves high-fidelity disguise: these malware-infected games do not appear harmful at first glance but pass platform review as normal functioning games. While players enjoy the game, malicious code silently installs in the background, greatly reducing user suspicion and directly challenging the platform’s security review process before release.

Notably, the names PirateFi and Tokenova contain clear references to decentralized finance (DeFi) and tokens, indicating these games may specifically target players involved with crypto assets.

Historical Patterns of Game Malware: Crypto Wallets as Main Targets

Malicious software targeting gamers is not new, and history shows that crypto assets have consistently been a primary target for theft.

In 2023, a fan-made game based on Nintendo’s Super Mario series was found to contain triple malicious functions: hijacking crypto wallets, deploying password-stealing malware, and installing crypto mining software in the background. In March 2024, cybersecurity firm VX Underground warned that players searching for cheat software for the Call of Duty series faced malware risks that could steal Bitcoin (BTC) wallets, affecting over 4.9 million accounts. By December 2025, Kaspersky discovered information-stealing malware in pirated mods for Roblox and other games.

These patterns demonstrate that gaming communities have become key entry points for attacks on crypto assets, with attack channels extending from official platforms and fan games to third-party tools, continuously expanding.

Frequently Asked Questions

Which games are involved in the FBI’s Steam malware investigation?

The eight games named by the FBI are: BlockBlasters, Chemia, Dashverse, DashFPS, Lampy, Lunara, PirateFi, and Tokenova. The attack period is from May 2024 to January 2026, with some games already removed from Steam last year.

If I downloaded these games during the specified period, how can I confirm if I am affected?

The FBI is actively collecting information from potentially impacted players. Victims can submit their info through official FBI channels, with confidentiality assured, and may be eligible for compensation under federal or state laws. It is also recommended to run a full system malware scan and check for unusual activity in crypto wallets and accounts.

What is the connection between this Steam malware incident and cryptocurrencies?

The names PirateFi and Tokenova contain clear crypto-related terminology, indicating that attackers may be targeting crypto asset holders. Combining historical cases—such as Mario fan games hijacking crypto wallets and cheat software for Call of Duty stealing BTC—the pattern of game malware focusing on crypto assets continues to strengthen.