A verified Steam game was recently discovered to contain a cryptodrainer component, following multiple gamers being robbed after playing it. The game in question was BlockBlasters, a 2D platformer available on the gaming service between July and September.
What happened
According to Bleeping Computer, the game was safe until August 30, when it was compromised with a cryptodrainer component. It first came to the public’s attention when Latvian streamer Raivo Plavnieks, of RastalandTV, played the game during a fundraising stream to raise money for his treatment of stage 4 cancer. The game then proceeded to drain $32,000 from his cryptocurrency wallet. About the incident, the streamer said:
“For anybody wondering what is going on with $CANCER live stream… my life was saved for whole 24 hours untill someone tuned in my stream and got me to download verified game on @Steam.”
The exact number of victims is unclear, but the VXUnderground security group reports that around 478 Steam accounts have been impacted. It’s believed that up to $150,000 was stolen overall. Apparently, those affected were targeted explicitly on X when they were discovered to have significant amounts of cryptocurrency.
The game, published by Genesis Interactive, had a few hundred “Very positive” reviews on Steam before it was pulled.
Similar incidents this year
Worryingly, this isn’t the first time such an incident has occurred this year. In February, PCMag reported that a free-to-play Steam game called PirateFi was infecting computers with Windows’-based malware. The malware stole browser cookies, allowing the threat actors to hijack access to a victim’s online accounts. The issue was first reported when a Steam user discovered that their antivirus software prevented them from installing the game.
After that, in March, there was Sniper: Phantom’s Resolution. Unlike the previous games mentioned, this encouraged people to download the game outside of the Steam platform, which is always a red flag. According to Bleeping Computer, the game contained malware, including a privilege escalation utility and cookie-stealing capabilities. 1500 people downloaded it before it was finally removed from Steam and GitHub.
Lastly, in July, Malwarebytes reported about a cybercriminal known as EncryptHub who managed to add malicious files to a game called Chemia on Steam. These files included Vidar, a Malware-as-a-Service information stealer; HijackLoader, a malware loader that can add additional malware, such as Trojans, to infected computers; and The Fickle stealer, an information stealer that uses PowerShell scripts to steal sensitive information from computer files, including cryptocurrency wallet details, and more.
How to protect yourself while gaming
It’s worrying that such a major platform in the gaming sphere is being impacted by malicious activities. To avoid becoming a victim, extra caution is key. In general, don’t play games brought to your attention by unsolicited messages. Be wary of games in beta or with very few reviews. Lastly, always have an up-to-date malware detector that will flag malicious files before they infect your computer.
Cora is a digital copywriter for SSLs.com. Having eight years of experience in online content creation, she is a versatile writer with an interest in a wide variety of topics, ranging from technology to marketing.