FBI Warns Gamers to Check Steam Libraries After Malware Found Hidden in Seven Games

The FBI is urging gamers worldwide to check their Steam accounts after an investigation revealed that seven games available on the platform contained hidden malware designed to steal personal data, login credentials, and cryptocurrency.

The investigation, led by the FBI's Seattle Division, centres on a prolonged campaign in which a threat actor published seemingly legitimate indie games on Valve's Steam platform between May 2024 and January 2026. The games were embedded with information-stealing malware capable of harvesting browser credentials, authentication cookies, and cryptocurrency wallet data.

The seven games identified in the investigation are: BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova. All have since been removed from Steam.

Why this matters for Irish gamers

Steam operates as a single global platform, meaning any player in Ireland or Europe who downloaded one of the affected titles during the investigation period faces the same risk as users in the United States. The malware did not discriminate by geography.

Authentication cookies are particularly valuable to attackers because they can allow access to accounts without needing a password, and in some cases can bypass two-factor authentication. Anyone who installed one of the listed games may have had their browser passwords, gaming accounts, email credentials, and financial information compromised without realising it.

In the European context, the potential unauthorised access to personal and financial data also falls within the scope of GDPR and national cybercrime legislation. Irish users who believe their data was compromised can report the matter to An Garda Síochána and the Data Protection Commission, in addition to the FBI's own victim reporting process.

How to check if you are affected

Players should review their Steam purchase and download history to confirm whether they installed BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, or Tokenova at any point between May 2024 and January 2026.

Valve has been cooperating with the investigation and has sent direct emails to users who downloaded and launched any of the affected games. Steam's message to those users confirmed that the FBI's notice and linked website are official and encouraged players to respond to the Bureau's survey.

What to do if you installed one of the games

If you downloaded any of the listed titles, security experts and authorities recommend taking the following steps. Uninstall the game immediately if it is still on your system. Run a full system scan using trusted antivirus software and check for any unfamiliar or recently installed programmes. Change passwords for your Steam account, email, banking, and any other services accessed from the same device. If your browser stored saved passwords, consider changing all of them. Review bank and cryptocurrency accounts for any unauthorised transactions. Consider reformatting your operating system if you want to be certain no malicious software remains.

Reporting to the FBI

The FBI has set up an official victim information form for anyone affected. Responses are voluntary but may assist the federal investigation and help identify potential victims. All identities will be kept confidential.

Anyone who knows someone who may have been affected can also contact the investigation team directly at Steam_Malware@fbi.gov.

The FBI has confirmed that the emails sent by Steam referencing the investigation and linking to the Bureau's website are official and authorised.