The FBI is asking gamers who unwittingly downloaded malware from the popular Steam platform to help with its investigation.
FBI’s Seattle Division issued a notice in mid-March as it continued in its search for the threat actor responsible for the malware campaign.
“The FBI believes the threat actor primarily targeted users between the timeframe of May 2024 and January 2026,” it said.
“In the investigation, several games have been identified to include, BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova.”
The Feds called on any gamers impacted by the campaign to fill out a short form, or do so on behalf of any dependents in their household that may have been victimized.
Read more on Steam malware: Hackers Steal Steam Credentials With ‘Browser-in-the-Browser’ Technique.
“The FBI is legally mandated to identify victims of federal crimes it investigates. Victims may be eligible for certain services, restitution, and rights under federal and/or state law,” the notice continued.
“Your responses are voluntary but may be useful in the federal investigation and to identify you as a potential victim. Based on the responses provided, you may be contacted by the FBI and asked to provide additional information. All identities of victims will be kept confidential.”
Asking the Right Questions
Judging by the questionnaire attached to the public outreach note, the FBI wants to know from victims whether anyone communicated with them before or after downloading the game, and on what channel.
Investigators also want to know whether the victim lost any money, and their crypto wallet or bank account details.
Steam is a popular malware distribution channel for infostealers designed to steal personal information and digital money from victims.
The platform is also a target for social engineering attacks impersonating its brand.
A Guardio report from last year claimed that Steam was the most phished brand of Q1 2025 “by a significant margin.”
Fake messages impersonating Steam warn users of payment failures or suspicious logins, but are actually an attempt to trick them into entering their credentials on phishing sites. Others claim the user has won a Steam gift card or similar and encourage them to click through on a malicious link.
Image credits: Diego Thomazini / Thrive Studios ID / Shutterstock
