The FBI is investigating a series of games on Steam that, between May 2024 and January 2026, operated as vehicles for distributing malware. Titles like BlockBlasters, Chemia, and Dashverse managed to evade the platform's controls to steal users' credentials and personal data. The investigation is now seeking to identify victims through an official form. This case exposes a security breach in a trusted digital ecosystem. 🔍
The infection method and evasion of Steam's filters 🕵️
The malicious games operated seemingly normally after download. The malware activated in the background during execution, often camouflaged as a system component or library file. Its main goal was to steal credentials stored in browsers and software clients, in addition to capturing personal data. The fact that they bypassed Valve's filters suggests the use of code obfuscation techniques or exploitation of delays in review processes.
Your next Steam achievement: "Victim Collaborator of the Year" 🏆
In an unexpected twist, some players earned a trophy not listed in the achievements: having their banking information paraded through underground forums. It's the type of downloadable content no one asked for, but that came with the purchase. The multiplayer experience took a different turn, connecting users with cybercriminals in a game where the FBI set the rules. At least the investigation offers a form; something is something to fill the void left by the wallet.