FBI Investigates Malware‑Laden Steam Games Targeting Gamers and Crypto Assets
What Happened — The FBI’s Seattle Division has opened an investigation into eight Steam‑distributed games that were found to contain malicious code capable of hijacking accounts and stealing cryptocurrency. The agency is asking anyone who installed these titles between May 2024 and January 2026 to submit information via a short questionnaire.
Why It Matters for TPRM —
- Supply‑chain risk: Third‑party software (games) can become a vector for malware that compromises end‑user devices and corporate accounts.
- Credential and crypto theft: Compromised accounts may be linked to corporate wallets or SaaS credentials, exposing financial loss and reputational damage.
- Legal exposure: Victims may be eligible for restitution, but organizations that failed to vet distribution channels could face liability.
Who Is Affected — Gaming industry, digital distribution platforms, cryptocurrency services, and any enterprise that allows employees to install games on corporate devices.
Recommended Actions —
- Review and tighten policies on personal software installation on corporate endpoints.
- Verify that any Steam‑based tools used for training or demos are sourced from vetted, verified publishers.
- Deploy endpoint detection and response (EDR) solutions capable of detecting known malware distributed through Steam.
Technical Notes — The malicious games embedded trojanized installers that dropped cryptocurrency‑stealing malware and keyloggers. No specific CVE was disclosed; the threat relies on supply‑chain compromise rather than a software vulnerability. Data types at risk include login credentials, crypto wallet keys, and personally identifiable information.
Source: SecurityAffairs