FBI Seeks Info from Gamers Who Installed Malware from Steam
Steam was used to spread malware via several games, and the FBI Seattle division has announced that they’re seeking information from those affected.
The malware-ridden games in question include BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova.
If you installed any of these games, you can fill out the form on the FBI’s site to potentially access “certain services, restitution, and rights under federal and/or state law.”
Responses are purely voluntary but may help in their investigation.
The FBI states that it believes the “threat actor primarily targeted users between the timeframe of May 2024 and January 2026.”
PirateFi was designed to steal browser cookies to take over your accounts. Chemia was a legitimate game, but was hijacked and updated with infostealer malware. BlockBlasters was a Trojan that stole an estimated $150,000 in cryptocurrency. Lunara and Tokenova were also exposed as crypto-stealing malware.
Games have long been a particularly potent vector for malware. They’re typically unsandboxed, closed source, and commonly ask for the lowest-level permissions in your operating system to run things like anti-cheat software or DRM software.
They’re also commonly bundled with other programs. Gamers are so used to having random crap installed along with their games that no one would really bat an eye at some malware bundled alongside a legitimate game.
Gamers also commonly install cracked versions of games downloaded from unofficial sources, which often contain malware.
Multiplayer components of games also expose you to hackers that could exploit your game client. Mods downloaded to customize games are also common vectors for malware.
Storefronts like Steam are meant to provide some protection to their users by vetting software before it gets distributed on their platform, but malware continues to get more and more sophisticated and difficult to detect.
If you need to game privately and securely, you can stick to platforms like the Apple App Store that enforce sandboxing on all games. Make sure to only get games from official sources and be very careful what mods you install, or just avoid mods entirely. You might even consider playing games on a totally separate machine to avoid the risk of your personal files and data getting compromised.
It’s clear that trying to vet software for malware isn’t an effective strategy, and operating systems need to enforce security features like sandboxing in order to protect their users.
macOS has optional sandboxing that app developers can enable when they sign their app. Windows is rolling out Win32 app isolation, which will allow something similar on Windows. iOS and Android are already sandboxed by default and provide great security out of the box, so they can be good options for secure gaming.
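Because the macOS sandbox is opt-in at signing time, you can check whether a given game actually uses it by reading the entitlements in its code signature. The following is an added example, not part of the original article: the function name and both sample entitlement sets are constructed for illustration, and the input is assumed to be the plist printed by `codesign -d --entitlements - --xml <path to .app>`.

```python
import plistlib

# Entitlement key that opts a signed macOS app into the App Sandbox.
SANDBOX_KEY = "com.apple.security.app-sandbox"
PREFIX = "com.apple.security."


def sandbox_report(entitlements_plist: bytes) -> dict:
    """Summarise the entitlements plist of a signed macOS app.

    An app signed without entitlements produces empty output, which is
    treated here as "not sandboxed, nothing requested".
    """
    ents = plistlib.loads(entitlements_plist) if entitlements_plist.strip() else {}
    # The sandbox is on only when the key is present and literally true.
    sandboxed = ents.get(SANDBOX_KEY) is True
    # Every other enabled com.apple.security.* key is either a capability the
    # sandboxed app asked for or a hardened-runtime exception (cs.*).
    enabled = sorted(
        key[len(PREFIX):]
        for key, value in ents.items()
        if key.startswith(PREFIX) and key != SANDBOX_KEY and value
    )
    return {"sandboxed": sandboxed, "entitlements": enabled}


# Constructed sample: a game that opted in to the sandbox and asked for
# outbound network access plus files the user picks in an open/save dialog.
SANDBOXED_GAME = plistlib.dumps({
    "com.apple.security.app-sandbox": True,
    "com.apple.security.network.client": True,
    "com.apple.security.files.user-selected.read-write": True,
})

# Constructed sample: a game that never opted in. It runs with the user's
# full file access and also relaxes library validation.
UNSANDBOXED_GAME = plistlib.dumps({
    "com.apple.security.cs.disable-library-validation": True,
})

if __name__ == "__main__":
    for name, blob in [("sandboxed", SANDBOXED_GAME),
                       ("unsandboxed", UNSANDBOXED_GAME),
                       ("no entitlements", b"")]:
        print(name, sandbox_report(blob))
```

A result of `"sandboxed": False` means the game can read anything your user account can, which is the case the separate-machine advice above is meant to contain.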