Malware strikes Steam once more as recreation replace hides crypto trojan

Steam has plenty of issues, nevertheless it’s extensively thought-about the very best PC gaming retailer and platform. However being primary makes you a goal, and a type of issues seems to be a rising variety of malware assaults that use Steam as a supply vector. The newest was noticed in a freebie recreation…however not earlier than it allegedly managed to steal a small fortune in cryptocurrency.

The sport is BlockBlasters, and I’m linking to SteamDB as a result of it’s been vanished from the official retailer simply a few months after being revealed, regardless of reportedly being verified. The free-to-play 2D recreation allegedly contained a trojan with a “cryptodrainer” program in a post-launch replace that managed to hunt out, discover, and steal roughly $150,000 from tons of of particular person Steam customers. This consists of one streamer who reportedly misplaced over $30,000 whereas elevating funds for his or her most cancers therapy.

In line with BleepingComputer, safety researchers recognized BlockBlasters as malware that seeks out and steals Steam login data together with different data. This was apparently used to search out related cryptocurrency pockets accounts and drain them. The operators appear to have focused streamers and Twitter customers particularly identified to be invested in cryptocurrency with a spearphishing marketing campaign. Reporters apparently have a US-based suspect because of leaked Telegram data, however there have been no arrests.

Valve has not commented on the investigation. That is the fourth high-profile instance of malware making its means onto Steam and being downloaded by most of the people in 2025, following comparable incidents in July, March, and February.