- 21
- 1
Another case of a malicious game being published on Steam has been discovered. The free-to-play retro platformer BlockBlasters, published by developer Genesis Interactive, was infected with a cryptocurrency drainer that stole data and emptied players' crypto wallets.
The game was released on July 30th and was initially safe, but on August 30th , a malicious component was added . It remained on Steam for almost two months, until September 21st, garnering hundreds of "very positive" reviews.
The issue came to light after Latvian streamer Raivo Plavnieks ( RastalandTV ) lost over $32,000 during a charity stream to support treatment for stage 4 sarcoma.
He downloaded a "verified" game from Steam and soon lost his cryptocurrency. The story caused a stir: subscribers and members of the crypto community compensated for some of the losses, including influencer Alex Becker, who transferred $32,500 to the victim.
According to crypto researcher ZachXBT, the attackers may have stolen approximately $150,000 from 261 Steam accounts. The VXUnderground group puts the number of victims at 478 and has already published a list of usernames, urging people to change their passwords immediately. Experts believe the attackers specifically targeted people with large crypto assets, sending them invitations to download the game via Twitter.
Researchers discovered that the attack used batch scripts to steal Steam logins, a Python backdoor, and the StealC malware module. Furthermore, the hackers made a serious operational security error by leaving their Telegram bot tokens exposed.
Valve has not yet commented on the situation. But this isn't the first time such incidents have occurred on Steam: games like Chemia , Sniper: Phantom's Resolution, and PirateFi have previously been found to be infected with malware .
Experts advise: if you have BlockBlasters installed, immediately change your Steam passwords and transfer your digital assets to new wallets. And be especially careful when installing unpopular or beta games on the platform.
The game was released on July 30th and was initially safe, but on August 30th , a malicious component was added . It remained on Steam for almost two months, until September 21st, garnering hundreds of "very positive" reviews.
The issue came to light after Latvian streamer Raivo Plavnieks ( RastalandTV ) lost over $32,000 during a charity stream to support treatment for stage 4 sarcoma.
He downloaded a "verified" game from Steam and soon lost his cryptocurrency. The story caused a stir: subscribers and members of the crypto community compensated for some of the losses, including influencer Alex Becker, who transferred $32,500 to the victim.
According to crypto researcher ZachXBT, the attackers may have stolen approximately $150,000 from 261 Steam accounts. The VXUnderground group puts the number of victims at 478 and has already published a list of usernames, urging people to change their passwords immediately. Experts believe the attackers specifically targeted people with large crypto assets, sending them invitations to download the game via Twitter.
Researchers discovered that the attack used batch scripts to steal Steam logins, a Python backdoor, and the StealC malware module. Furthermore, the hackers made a serious operational security error by leaving their Telegram bot tokens exposed.
Valve has not yet commented on the situation. But this isn't the first time such incidents have occurred on Steam: games like Chemia , Sniper: Phantom's Resolution, and PirateFi have previously been found to be infected with malware .
Experts advise: if you have BlockBlasters installed, immediately change your Steam passwords and transfer your digital assets to new wallets. And be especially careful when installing unpopular or beta games on the platform.