Online gaming storefront Steam unknowingly hosted crypto malware through one of its games. “Block Blasters,” the fake game in question, enabled at least $150,000 in token thefts.
Steam removed this game after popular crypto sleuths amplified news of the hack. Still, the incident represents a major security breach for this venerable software platform.
Steam Hosted Crypto Malware
Part of the ongoing crypto crime wave has involved increasingly sophisticated malware operations, which use new vectors to steal tokens.
Nonetheless, this newest scamming method is particularly unsettling. Steam is the gold standard for online gaming storefronts, and it directly hosted crypto malware.
Specifically, Steam hosted sales of “Block Blasters,” a fake game containing dangerous malware. For over one month, this game was live, running secret executables that would target players’ wallets.
In this way, it stole at least $150,000 in various cryptoassets, but the total amount stolen may be much higher.
Cracking The Case
ZachXBT, a famous crypto sleuth, didn’t necessarily spearhead this malware investigation, but he used his large platform to alert Steam. To its credit, the platform quickly removed the game after his notification. Nonetheless, it never should’ve survived on the storefront for several weeks.
The investigators who unraveled this scheme uncovered several disturbing trends. First of all, the malware itself showed telltale fingerprints of AI-generated code, which allowed white hats to dissect it comprehensively. This may explain how they were able to confront the hackers directly.
Essentially, this Steam crypto malware investigation began after a terminally ill cancer patient was defrauded of $32,000. The criminals showed zero remorse when confronted, claiming that the victim would “make it all back” as an active crypto trader.
This disturbing comment further incensed investigators, spurring them to take apart the group.
These hackers evidently had little technical prowess, leaning on AI to make their software infrastructure and getting unmasked by community detectives. Still, their blatant malware managed to bypass all of Steam’s security protocols.
In other words, this is a major scandal, and Steam needs to take more proactive prevention measures in the future.