An apparently fake game has been removed from Valve’s Steam platform after allegedly stealing more than $150,000 from players.
The game, BlockBlasters, was a free-to-play retro platformer published by Genesis Interactive. It launched on July 30 and appeared safe at first, but security researchers say a malicious cryptodrainer component was added on August 30.
The game remained available on Steam for nearly two months, during which time it accumulated a few hundred “Very Positive” reviews before being pulled on September 21. It’s unclear if Valve or the developers were behind the removal.
Malware hidden inside “BlockBlasters”
The attack gained attention after Latvian Twitch streamer Raivo ‘RastaLandTV’ Plavnieks, who is battling Stage IV sarcoma, unknowingly broadcast his own victimization. While streaming a charity fundraiser for his cancer treatment, he was contacted by someone offering payment to demo BlockBlasters.
When he launched the game live on stream, it executed malware that drained his crypto wallet, including $32,000 earmarked for his treatment.
Investigator ZachXBT told BleepingComputer that more than $150,000 has been stolen from at least 261 victims.
“You clowns allow malware on your platform that has resulted in $150K+ stolen from victims (fake game has been available to download for more than a month),” he commented on a Steam X post.
VXUnderground, another security group, reported an even higher figure, pointing to 478 impacted accounts and publishing a list of usernames.
Researchers believe attackers specifically targeted Steam users who openly managed large crypto holdings, reaching out to them via X with invitations to test the game.
This isn’t the first time malware has slipped through Steam’s review process. As per Cyber Insider, in March, Valve pulled Sniper: Phantom’s Resolution after its demo redirected players to a malware-laced external file. A month earlier, PirateFi was delisted for shipping malware directly in its Steam build.
Security experts are urging anyone who installed BlockBlasters to reset their Steam credentials immediately and move cryptocurrency to new wallets.
