According to the FBI’s field office, a threat actor identified as “EncryptHub” embedded several strains of information-stealing malware into games available for download on Steam. The affected titles included PirateFi, Chemia, and BlockBlasters. The deployed malware included known threats such as Vidar and HijackLoader, as well as a custom tool named Fickle Stealer. In one publicly reported incident, a Twitch streamer lost approximately US$32,000 (AU$45,760) after the malware activated while the streamer was playing BlockBlasters during a live cancer fundraising broadcast.
The operation was designed to compromise systems upon installation of the infected games. Once active, the malware’s primary function was to locate and exfiltrate data from victims’ computers. The software specifically sought out files associated with cryptocurrency wallets and credentials stored within web browsers. This method allowed the attacker to gain direct access to financial assets and sensitive personal accounts without the user’s immediate knowledge, leveraging the trust users place in the Steam distribution platform.
The primary motive behind the campaign appears to be financial theft. By targeting cryptocurrency wallets and login credentials, the threat actor EncryptHub aimed to steal valuable digital assets. The use of a popular gaming platform like Steam provided a wide distribution channel, allowing the attacker to reach a large pool of potential victims under the guise of legitimate software.
The full scope of the campaign remains unclear. The total number of players affected by the malware and the cumulative financial losses have not been disclosed by authorities. It is also not publicly known whether Steam’s parent company, Valve, has completely removed all instances of the malicious software from its platform or what specific security measures have been implemented in response.
The FBI’s investigation is ongoing. The agency is likely coordinating with Valve to identify the extent of the breach and prevent further infections. Victims who downloaded the compromised games may be contacted as part of the investigation. Authorities will continue to track the activities of the threat actor EncryptHub to prevent future attacks.
Users who downloaded games from Steam between and should take precautionary steps. It is advised to review download history for the specified titles, run comprehensive anti-malware scans, and change passwords for critical accounts. Enabling two-factor authentication on Steam and financial platforms is also a recommended security measure. Any suspected fraudulent activity should be reported to the FBI’s Internet Crime Complaint Center (IC3).
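One way to carry out the download-history review on a machine, as an added example that does not come from the FBI, Valve, or the original article: Steam records each installed title in an `appmanifest_*.acf` file inside a library's `steamapps` directory, and the script below reads those manifests and flags the three titles named above. Matching on the manifest's `name` field is an assumption (the article gives no app IDs), and the sample manifests and their app IDs are constructed placeholders.

```python
import re
import tempfile
from pathlib import Path

# Titles named in the article; matched case-insensitively against the manifest "name".
FLAGGED_TITLES = {"piratefi", "chemia", "blockblasters"}

# Valve's text KeyValues format stores scalar pairs as "key"<tabs>"value" on one line.
PAIR = re.compile(r'^[ \t]*"([^"]+)"[ \t]+"([^"]*)"[ \t]*$', re.MULTILINE)

def parse_manifest(text):
    """Return the key/value pairs of an appmanifest_*.acf file (keys lowercased)."""
    fields = {}
    for key, value in PAIR.findall(text):
        # Keep the first occurrence: top-level AppState keys precede nested sections.
        fields.setdefault(key.lower(), value)
    return fields

def find_flagged(steamapps_dir):
    """List (appid, name, installdir) for manifests whose name is a flagged title."""
    hits = []
    for path in sorted(Path(steamapps_dir).glob("appmanifest_*.acf")):
        fields = parse_manifest(path.read_text(encoding="utf-8", errors="replace"))
        name = fields.get("name", "")
        if name.strip().lower() in FLAGGED_TITLES:
            hits.append((fields.get("appid", "?"), name, fields.get("installdir", "")))
    return hits

def build_sample_library(root):
    """Write constructed sample manifests (app IDs are placeholders, not real Steam IDs)."""
    samples = {"1000001": "BlockBlasters", "1000002": "Some Other Game"}
    for appid, name in samples.items():
        body = (f'"AppState"\n{{\n\t"appid"\t\t"{appid}"\n\t"name"\t\t"{name}"\n'
                f'\t"installdir"\t\t"{name}"\n}}\n')
        (Path(root) / f"appmanifest_{appid}.acf").write_text(body, encoding="utf-8")

if __name__ == "__main__":
    # Demo on a constructed library; pass a real steamapps path to find_flagged() instead.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_library(tmp)
        for appid, name, installdir in find_flagged(tmp):
            print(f"flagged: {name} (appid {appid}, installdir {installdir})")
```

A hit only shows that a manifest for the title is present in that library; an uninstalled game leaves no manifest, so the account's own download history still needs checking.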
