362/68 Wednesday, September 24, 2025
The Steam gaming platform has once again become a vector for cyberattacks after it was discovered that the verified game BlockBlasters was secretly embedding cryptodrainer malware designed to steal digital assets. Attackers employed a strategy of releasing what appeared to be a safe game with positive reviews at first, only to later update it with malicious code. Players who installed the game ended up losing significant amounts of cryptocurrency.
The attack was highly sophisticated, specifically targeting accounts that publicly disclosed their cryptocurrency holdings or profits on social media. Victims were lured into downloading the game through invitations. Once installed, a malicious dropper script executed to harvest sensitive information such as Steam login credentials and IP addresses, which were then exfiltrated to attacker-controlled servers. The incident caused damages exceeding $150,000 USD, affecting more than 500 user accounts.
This is not the first time such incidents have occurred on Steam, underscoring the ongoing challenges of ensuring security in game verification processes on the platform. Experts advise players who installed the compromised game to immediately change their passwords and transfer their digital assets to new wallets to prevent further losses. Users are also urged to exercise caution, especially with games that have few downloads, limited reviews, are in beta, or request excessive permissions – all of which can be exploited as attack vectors.
