FBI Probe Targets Malware Hidden in Seven Steam Games, Seeks Victims

The FBI's Seattle Division opened a formal investigation into malware embedded across seven indie games sold on Valve's Steam storefront, publicly asking anyone who installed the titles to come forward with information. The seven games named are BlockBlasters, Chemia, Dashverse, Lampy, Lunara, PirateFi, and Tokenova, with some outlets noting the title Dashverse also appeared under the variant name DashFPS in certain listings.

"The FBI's Seattle Division is seeking to identify potential victims installing Steam games embedded with malware," the agency stated on its official victim outreach page. "The FBI believes the threat actor primarily targeted users between the timeframe of May 2024 and January 2026."

What makes the investigation notable is the FBI's consistent use of a singular "threat actor" in its documentation, strongly implying the bureau suspects one person or organized group published all seven titles as part of a coordinated scheme. Official investigation documents suggest the seven games were likely handled by the same person or group, a detail that transforms what might have looked like scattered bad actors into something resembling a deliberate, multi-title operation.

The games were not obviously suspicious at launch. Many looked and played like normal Steam releases, spanning genres from FPS titles to platformers. The malware typically arrived later, distributed through in-game patches flagged as suspicious after the fact. At least one early access title went further, asking players to opt into a playtest before injecting dangerous software onto their machines. Community reporting has described the malware as capable of stealing personal data and draining cryptocurrency wallets, though the FBI has not publicly released technical indicators confirming those specific capabilities.

All seven titles have since been removed from Steam, though no precise removal dates have been confirmed. The games sat on a platform hosting more than 100,000 titles since Valve launched Steam in 2004, a scale that has historically made vetting every release a challenge. Malicious mods and scam releases have surfaced on the platform repeatedly over its history, with Valve regularly pulling titles that attempt to steal user information.

Victims and anyone with relevant information can submit details through the FBI's online form or email Steam_Malware@fbi.gov directly. The FBI has also asked those who know of potentially affected individuals to direct them to the same address. "Based on the responses provided, you may be contacted by the FBI and asked to provide additional information," the agency's page states, adding that "all identities of victims will be kept confidential." Those who qualify as victims may also be eligible for certain services, restitution, and rights under U.S. federal and state law, according to reporting on the investigation's scope.

The FBI has not disclosed how many victims have already come forward, whether any charges have been filed, or the geographic range of the investigation.