The FBI is asking gamers for help after discovering that several Steam games were used to hide malware capable of stealing money and sensitive personal data. The agency says these infected titles were downloaded through the popular PC marketplace and, in some cases, were used to target confidential information stored on players’ computers. Valve has confirmed the request is legitimate and is encouraging anyone affected to come forward, though the situation has reignited debate over how well the storefront screens what gets published.
According to the FBI’s Seattle Division, eight games are tied to the investigation, appearing on the marketplace between May 2024 and January 2026. Most were small indie releases, but they still reached enough players to cause real harm. The list includes titles such as BlockBlasters, Chemia, DashFPS, and PirateFi, all of which are referenced as part of the ongoing effort to identify victims and understand how the malware spread.
The warning has been circulating among players after a message attributed to Valve was shared publicly, with the company pointing users—especially those who downloaded the now-removed DashFPS—to cooperate with law enforcement. Some gamers initially doubted the communication because scammers often impersonate government agencies, but Valve reportedly verified that the outreach is real and intended to help the investigation.
One of the most alarming details is how these threats can be introduced after a game has already gained trust. In cases like BlockBlasters, the game reportedly launched normally, only for a later update to introduce malicious components. The malware included a hidden script designed to hunt for credentials stored on a PC, with cryptocurrency wallets being a prime target. The danger became widely known after a streamer reportedly lost more than $30,000 during a live broadcast, highlighting how quickly financial losses can occur once credentials are compromised.
The problem isn’t limited to full game releases, either. The situation involving People Playground is cited as an example of how community-driven content can also become a risk, with a malicious mod showing that workshop-style sharing systems can be exploited. Outcomes can range from losing save files to far more severe consequences, including major system damage or drained bank accounts, depending on what the malware is designed to do.
Valve has typically removed suspicious or confirmed malicious games after complaints and reports from users. Still, critics argue that reactive removals aren’t enough when malware can reach players in the first place. Part of the challenge is scale: it’s relatively inexpensive to publish on the marketplace, and the volume of new submissions continues to grow, making proactive moderation harder.
The FBI is asking anyone who downloaded the identified games—or believes they may have been impacted—to submit information to help build the case. After someone submits details, investigators may follow up and request an interview. For now, it’s unclear whether authorities outside the United States are running similar investigations, but the FBI’s outreach suggests the agency is taking the threat of malware hidden in game downloads seriously.
For gamers, the takeaway is simple: even legitimate-looking games and popular community spaces can be exploited. Keeping a close eye on unexpected updates, being cautious with lesser-known downloads, and treating sudden requests for sensitive information as red flags can help reduce the risk while the investigation continues.
