FBI Investigating After Malware Found Lurking in Steam PC Games

In brief

• The FBI is investigating after several PC games on the Steam platform were found to contain malware.
• Some titles appeared to function as normal games, but installed malicious software on players’ computers.
• Similar malware campaigns have targeted gamers through fan games and cheat software.

The FBI is investigating the distribution of malware through several video games hosted on Steam, the popular PC gaming platform operated by Valve. The agency said Friday it is seeking victims whose computers may have been infected after downloading games believed to contain malicious software. “The FBI believes the threat actor primarily targeted users between the timeframe of May 2024 and January 2026,” the agency wrote.

The FBI’s investigation is targeting several PC games, including BlockBlasters, Chemia, Dashverse, DashFPS, Lampy, Lunara, PirateFi, and Tokenova.  Last summer, several games, including Chemia and PirateFi, were removed by Steam after they were discovered to include malware. Steam is one of the largest digital distribution platforms for PC games. In 2025, Steam reached over 132 million monthly active users with over 117,000 games. While the infected titles appeared to be games and were approved for sale on the platform, the FBI says they instead installed malware on players’ computers.

The FBI is seeking information from gamers who may have been affected by the malware. “The FBI is legally mandated to identify victims of federal crimes it investigates,” an FBI spokesperson told Decrypt. “Victims may be eligible for certain services, restitution, and rights under federal and/or state law. All identities of victims will be kept confidential,” they said, adding that the agency is unable to provide specific details. Decrypt reached out to Valve for comment on the investigation, but did not immediately receive a response. Malware targeting gamers has appeared in both game downloads and third-party tools linked to popular titles. Back in 2023, a fan game based on Nintendo’s Super Mario franchise was found to contain malware capable of hijacking cryptocurrency wallets, deploying software designed to steal passwords, and installing crypto-mining software that ran in the background on infected computers. In March 2024, cybersecurity firm VX Underground warned that players searching for cheat software for the first-person shooter series Call of Duty were exposed to malware capable of draining Bitcoin wallets. It’s unknown how many people were affected, but VX Underground said the attack potentially affected more than 4.9 million gaming accounts across multiple platforms. And in December, Kaspersky identified an infostealer malware in pirated mods for Roblox and other games.