The FBI has issued a formal public appeal asking Steam users who downloaded malware-infected games to report their experiences, naming seven specific titles at the center of an active federal investigation.
Seven Games Named in the Federal Investigation
According to the FBI's official victim services page, the games identified in this investigation are BlockBlasters, Chemia, Dashverse / DashFPS, Lampy, Lunara, PirateFI, and Tokenova. These titles were primarily active on Steam between May 2024 and January 2026.
If you downloaded any of these games during that window, the FBI wants to hear from you. Victims can reach out directly at [email protected] or submit details through an online form on the FBI's official website. The form asks for your Steam ID, which game you downloaded, when you downloaded it, whether you were contacted or incentivized to play the game, and how much money you lost as a result.
The key here is that investigators are trying to stitch together a broader picture, connecting timelines, wallet addresses, and other identifying information to build cases against those responsible.
danger
The FBI warns victims not to pay any additional fees following a scam, and not to use services that claim to recover lost funds, as these are often secondary scams targeting the same victims.
How These Scams Worked
The most high-profile case involved PirateFI, a free-to-play survival game with web3 elements that attracted over 7,000 players before being removed from Steam in February 2025. The game was a front for installing malware on players' PCs. A Telegram account was reportedly paying users to play and moderate the title, which explains the inflated download numbers. The malware was reportedly active for roughly six days before Valve pulled it from the platform and urged affected users to reformat their operating systems entirely.
Months later, in September 2025, BlockBlasters became the subject of another disturbing incident. The game was shared with a streamer who was raising money for cancer treatment. A malicious file called game2.bat had been injected into the game's files a month prior. That file drained more than $32,000 from the streamer's crypto wallet, with estimates suggesting hundreds of users had the game installed at the time. The streamer was eventually reimbursed, but the incident exposed a troubling attack vector: injecting malicious files into a Steam game update after the title has already built a small audience.
What most players miss is how much the official Steam storefront lent these games unwarranted credibility. Seeing a title listed on a trusted platform can cause even cautious users to drop their guard.
Malware hidden in plain sight
The Broader Security Implications for Valve
The BlockBlasters investigation took an unexpected turn when security researchers traced the stolen data back through Telegram accounts, eventually identifying a suspect who had publicly shared photos of cars on social media alongside links to their YouTube and X accounts. The VX Underground account on X reportedly followed the trail of hacked data to identify the perpetrator using information the scammer had voluntarily posted online.
The fact that the FBI's investigation window closes in January 2026 suggests no new active cases have emerged recently, but the pattern these attacks established will likely keep Valve engineers on alert. Bad actors demonstrated that injecting malicious files into a post-release game update is a viable method for bypassing Steam's initial review process.
The FBI's standard safety advice applies here too:
- Never share financial or personal information with accounts you don't recognize
- Treat any investment or financial advice from people you meet online with extreme caution
- Do not pay additional fees if you have already been scammed
- Avoid services that promise to recover lost funds
Pro tip: If you downloaded any of the seven named games between May 2024 and January 2026, check your system for unusual activity and report your experience to the FBI even if you aren't sure whether you suffered a direct financial loss.
Source: Pcgamer
Make sure to check out more:
Frequently Asked Questions (FAQs)
Which Steam games are named in the FBI's malware investigation?
The FBI has identified seven games: BlockBlasters, Chemia, Dashverse / DashFPS, Lampy, Lunara, PirateFI, and Tokenova. These titles were active on Steam primarily between May 2024 and January 2026.
How do you report being a victim of Steam malware to the FBI?
Victims can contact the FBI directly at [email protected] or fill out a form on the FBI's official website. You'll need your Steam ID, the name of the game you downloaded, the approximate download date, and details about any financial losses.
What should you do if you downloaded one of these games?
The FBI recommends reporting your experience even if you're unsure whether you suffered a financial loss. Valve previously advised users who downloaded PirateFI to reformat their operating systems. You should also monitor your accounts for unusual activity and avoid paying any third-party services that claim to recover lost funds.
