FBI Launches Official Investigation Into Malware-Infected Steam Games

The FBI has stepped in. Not quietly either. The agency's Seattle Division officially announced it is actively seeking victims who downloaded malware-ridden games from Steam, naming seven specific titles it believes were published by the same bad actor between May 2024 and January 2026.

Those games are BlockBlasters, Chemia, Dashverse (also listed as DashFPS), Lampy, Lunara, PirateFi, and Tokenova. All seven are suspected of being developed by the same cybercriminal and have since been pulled from the storefront. If you downloaded any of them, the FBI wants to hear from you.

The investigation is being led out of the Seattle Division, which launched a public notification on March 12, 2026, asking anyone affected to come forward voluntarily. Victims can fill in a form directly on the FBI's website or send an email to Steam_Malware@fbi.gov. Worth noting: the FBI clarifies that players will not be able to stay anonymous if they make contact, as it is legally mandated to identify victims of federal crimes it investigates. After submitting, you could also be contacted for a follow-up interview.

Valve confirmed the outreach is legitimate. Steam sent emails to affected users stating "We can confirm the message and website linked are in fact from the FBI."

BlockBlasters: The Most Damaging Case

Of all seven games, BlockBlasters stands out. Badly.

The game first appeared on Steam on July 30, 2025, and was completely clean at launch. That changed on August 30, when an update quietly introduced credential-stealing malware. It sat there for nearly a month before anyone caught it.

The moment it became public was brutal to watch. Latvian streamer Raivo Plavnieks, who was raising funds for his stage 4 cancer treatment, lost $32,000 in cryptocurrency after downloading BlockBlasters during a live broadcast. The money had been donated by his community to help cover his medical bills.

The malware used scripts to disable antivirus software, gather Steam account info, and send it to an external command-and-control server. A Python-based backdoor and a StealC-based payload were also deployed. In other words, it was not some rushed, sloppy job. This was deliberate.

The scale of it went well beyond one streamer. Crypto investigator ZachXBT reported that more than $150,000 had been stolen from 261 different Steam accounts.

When the scam was exposed, internet users tracked down conversations tied to the people behind BlockBlasters. In those messages, the scammers reportedly said that RastalandTV would simply "make it back in a few hours." Charming people.

For what it's worth, popular crypto influencer Alex Becker stepped in and sent $32,500 directly to RastalandTV's new safe wallet on the same day the theft occurred.

A Bigger Pattern

BlockBlasters grabbed the headlines, but it was far from an isolated case. Pretty much all of the games named in the FBI's investigation were crypto scams designed to drain wallets once launched.

Valve has generally been quick to delist games once complaints come in, but it has faced ongoing criticism for failing to catch these titles before they go live. Part of the problem is structural. The frequency of these malicious games has gone up in recent years despite Valve's efforts to combat them, likely because the sheer volume of new submissions overwhelms whatever vetting system exists. In some cases, as with BlockBlasters, a game launches clean and malware is introduced through a later update, letting it pass initial checks entirely.

The FBI's reference to a singular "threat actor" across all seven games suggests investigators already have strong reason to believe one person or group is behind the entire operation. Given how much was already uncovered by the public around BlockBlasters, it's not hard to imagine they have a solid lead.

What You Should Do

If you installed any of the seven games between May 2024 and January 2026, treat your system as compromised until proven otherwise. The malware embedded in these titles was capable of stealing personal data, account credentials, browser cookies, and accessing user accounts.

Run a full antivirus scan, check your installed software for anything unfamiliar, change your Steam password, and if you hold crypto, move your assets to a new wallet immediately. Victims who come forward will be kept completely confidential and may be eligible for restitution under federal law.

This isn't just a cautionary tale about dodgy free games. It's a reminder that even a "Verified" badge on Steam means nothing beyond hardware compatibility with the Steam Deck. It does not indicate that Valve has assessed the game's security or contents in any meaningful way.

The FBI is now involved. Hopefully that leads somewhere.