FBI Warns Gamers About Malware Hidden in Indie Steam Games

Several indie games distributed through Steam harbored malware inside, the FBI has warned PC gamers.

Investigators have said the games seem legitimate, but secretly installed dangerous malware capable of stealing information from players’ PCs.

The campaign could have affected users who downloaded the games between May 2024 and January 2026. The FBI has asked potential victims to come forward.

Key takeaways

• The FBI is investigating a criminal campaign linked to indie games distributed via Steam that contained malware.
• The malware targeted gamers between May 2024 and January 2026.
• Infected titles reportedly included BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi and Tokenova.
• The malware was an information stealer that could harvest credentials, authentication cookies and cryptocurrency wallet info.
• Authorities are asking anyone who downloaded the games to report the incident.
• Gamers should remove the games mentioned by the FBI and scan their devices for malware.

What happened with the infected Steam games?

The FBI’s Seattle Field Office has launched an investigation after discovering that a number of indie games on Steam were actually distributing malware, alongside the games themselves.

Players who installed the games also downloaded dangerous software that ran silently in the background. The threat didn’t disrupt gameplay, but it did collect sensitive information from infected systems.

Authorities now say the campaign may have been active for more than a year. The FBI wants to identify potential victims and determine how widely the malware spread.

In support of this investigation, the authorities created a victim information portal and are encouraging anyone who installed the suspected games to submit details.

Which games were linked to the malware campaign?

Reports tied the campaign to several small indie titles that appeared legitimate on the platform. The games associated with the investigation include:

• BlockBlasters
• Chemia
• Dashverse / DashFPS
• Lampy
• Lunara
• PirateFi
• Tokenova

Many of these games attracted little attention before disappearing from the platform. They didn’t have a large number of players, a fact that may have allowed attackers to distribute the malware without raising immediate suspicion.

What the malware was designed to steal

Information stealers are a type of malware designed to collect a variety of information from infected devices, including credentials stored in browsers, authentication cookies used to keep users logged into websites and tokens linked to platforms such as Steam or Discord.

In some cases, the malware also targeted cryptocurrency wallet data and system information.

Authentication cookies are extremely valuable to attackers because they allow them to access accounts without passwords. Sometimes, depending on how the online service has implemented 2FA solutions, those can be bypassed too.

How gamers can protect their devices

Anyone who installed one of the listed games should remove it immediately and run a full malware scan on their system.

We also recommend changing passwords for gaming platforms, email accounts, and any financial services accessed from the same device.

Gamers should look closely at unfamiliar developers before installing new titles and remain cautious when downloading recently released indie games with little or no community feedback.

Protect your device with Bitdefender

Malware campaigns increasingly target gamers through trusted platforms and downloadable software.

Security solutions such as Bitdefender Total Security can detect suspicious behavior, block malicious files, and prevent information-stealing malware from compromising sensitive accounts.

Advanced behavioral monitoring helps identify threats even when attackers disguise them as legitimate applications.

FAQ

Can Steam games contain malware?

It rarely happens, but attackers can attempt to distribute malware through games uploaded to legitimate platforms. Unknown or newly released titles carry a higher risk.

What should I do if I installed one of the infected games?

Uninstall the game immediately, run a full malware scan and change passwords for affected accounts. If the browser were used to store passwords, you might need to change all of them.

Can malware steal my gaming accounts?

Yes. Information-stealing malware can collect login credentials or authentication cookies that attackers may use to hijack accounts.

Is Steam still safe to use?

Steam remains one of the most trusted gaming platforms, but users should remain cautious when installing unfamiliar titles and keep security software active.