- The FBI’s Seattle Division is investigating seven Steam games that installed information-stealing malware between May 2024 and January 2026, targeting cryptocurrency wallets and browser credentials.
- A threat actor identified as EncryptHub deployed multiple malware strains including Vidar, HijackLoader, and a custom tool called Fickle Stealer across titles such as PirateFi, Chemia, and BlockBlasters.
- One victim, a Twitch streamer, lost US$32,000 (AU$45,760) during a live cancer fundraising stream when BlockBlasters malware activated on his system.
The FBI’s Seattle field office is investigating a malware campaign that used seven games on Steam to steal cryptocurrency wallets, browser data and saved credentials from players who downloaded them between May 2024 and January 2026.
In a recent notice, the bureau said it is seeking users who may have installed the infected titles: BlockBlasters, Chemia, Dashverse, DashFPS, Lampy, Lunara, PirateFi and Tokenova. Valve has removed the games from Steam, but has not publicly commented.
The FBI believes the threat actor primarily targeted users between the timeframe of May 2024 and January 2026. In the investigation, several games have been identified to include, BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova.
FBI’s Seattle DivisionRelated: Ripple Buyback Program Values Company at $50 Billion
Harvesting Crypto Information Through Steam Games
Researchers linked the operation to a threat actor known as EncryptHub. The campaign used several malware tools, including Vidar, HijackLoader and a custom program called Fickle Stealer.
Investigators said the software was designed to harvest crypto wallet information, browser cookies and stored login credentials.
Some earlier variants were also capable of secretly mining cryptocurrency on infected devices, using victims’ hardware in the background.
One of the best-known cases involved Twitch streamer Raivo Plavnieks, known online as RastalandTV, who lost US$32,000 (AU$45K) during a live charity stream for cancer fundraising after malware from BlockBlasters activated on his computer.
Investigators later found chat logs in which the attackers dismissed the theft.
PirateFi alone may have been downloaded by as many as 1,500 users during the roughly one week it was available in February 2025.
The full number of victims across all seven games has not been disclosed. Steam’s scale makes the breach potentially significant, with the platform hosting more than 117,000 games and serving about 132 million monthly active users.
The FBI said it is required to identify victims in federal investigations and noted that affected users may qualify for restitution or other protections under state or federal law. It directed potential victims to a reporting form at forms.fbi.gov and an email contact.
Read more: SEC and CFTC Sign Crypto Policy Agreement to Coordinate Oversight
Credit: Source link
