Steam Malware Outbreak 2025: Gamers Lose Over $150,000 in Crypto After Playing Infected Titles

Steam malware 2025 infects verified games like BlockBlasters and Chemia, stealing $150K in crypto.
By Saleh Alshuraim

The Steam malware outbreak of 2025 has shocked the gaming world — two popular games, BlockBlasters and Chemia, were discovered to contain hidden malware that stole cryptocurrency and sensitive user data.

Cybersecurity experts warn that this may be one of the most dangerous supply-chain compromises in gaming history.

What Happened

In September 2025, reports surfaced that Steam’s game distribution system was exploited by hackers to spread cryptocurrency-stealing malware through verified titles.

  • The 2D platformer BlockBlasters, downloaded by thousands of players, was found to include a malicious update that installed a crypto-drainer directly on players’ PCs.
  • Around the same time, a separate Early Access game called “Chemia” contained three malware strains:
    • Fickle Stealer – steals passwords and browser data
    • Vidar Stealer – targets cryptocurrency wallets
    • HijackLoader – installs new malware remotely

Security researchers from G DATA and Tom’s Hardware confirmed that these infected titles collectively caused over $150,000 USD in stolen crypto assets before being removed from Steam.

How the Steam Malware Spread

Hackers reportedly infiltrated developer accounts to upload malicious updates disguised as legitimate game patches.

Because Steam automatically pushes updates, users didn’t need to manually download anything — the malware spread instantly once the games were opened.

This technique, known as a supply-chain attack, mirrors tactics seen in SolarWinds and 3CX breaches — but applied to the gaming world.

Why This Matters

This incident highlights a massive security gap in gaming platforms:

Even “verified” games on trusted platforms can carry malware.

Attackers are now targeting gaming ecosystems to:

  • Steal crypto and NFTs linked to gamer wallets
  • Harvest Steam login data and browser cookies
  • Use infected PCs to mine cryptocurrency in the background

As AI-powered game development grows, experts warn that malicious code injection will only become easier and harder to detect.

How to Protect Yourself

If you’ve downloaded BlockBlasters, Chemia, or any recently updated indie game, here’s what to do immediately:

  1. Uninstall any suspicious game and clear residual files.
  2. Scan your system using reputable anti-malware tools like Bitdefender, Malwarebytes, or Windows Defender Offline.
  3. Check crypto wallets for unauthorized transactions.
  4. Change all passwords stored in your browser or Steam account.
  5. Enable Steam Guard + hardware MFA for extra protection.

Expert Insight

Cybersecurity analyst Riley Carter from Bitdefender comments:

“This is a wake-up call for every gamer — even verified platforms are not immune. Attackers are now using Steam as a malware distribution pipeline.”

Researchers suggest that Valve (Steam’s parent company) tighten developer authentication and introduce code-signing verification for all uploaded games.

Featured

Scroll to Top