A gamer in search of monetary assist for most cancers therapy misplaced $32,000 after downloading from Steam a verified sport named BlockBlasters that drained his cryptocurrency pockets.
BlockBlasters is a 2D platformer that was out there on Steam for nearly two months, between July 30 and September 21. The sport was protected till August 30, when a cryptodrainer part was added.
Printed by developer Genesis Interactive and not on Steam, the retro-styled sport was a free-to-play title promising fast-paced motion on responsive controls, and had just a few hundred ‘Very Optimistic’ evaluations on the gaming platform.
The malicious part within the sport was revealed throughout a stay fundraising from online game streamer Raivo Plavnieks, a.ok.a. RastalandTV, who was attempting to boost funds for all times saving therapy towards stage 4 high-grade sarcoma.
“For anyone questioning what’s going on with $CANCER stay stream… my life was saved for complete 24 hours untill somebody tuned in my stream and received me to obtain verified sport on @Steam,” Plavnieks mentioned.
The gamer additionally began a GoFundMe crowdsourcing marketing campaign to obtain donations. On the time of writing, completion of the aim is at 58%. Nonetheless, some members of the crypto neighborhood provided to cowl the loss. Crypto influencer Alex Becker mentioned that he despatched Rastaland $32,500 to a protected pockets.
Because the Latvian gamer explains, he misplaced greater than $32,000 after downloading a verified sport on Steam.
Supply: Web Archive
Crypto investigator ZachXBT informed BleepingComputer that the attackers seem to have stolen a complete of $150,000 from 261 Steam accounts.
VXUnderground safety group, who has additionally been following the assault, reviews the next sufferer rely of 478, and revealed an inventory of usernames, urging their homeowners to right away reset their passwords.
Reportedly, these folks have been explicitly focused after being recognized over Twitter for managing vital cryptocurrency quantities, and have been presumably despatched invites to check out the sport.
A group of researchers revealed a short report detailing the dropper batch script that performs atmosphere checks earlier than it collects Steam login info together with the sufferer’s IP tackle, and uploads the information to a command and management (C2) system.
GDATA researcher Karsten Hahn additionally documented a Python backdoor, and a StealC payload, used alongside the batch stealer.
Supply: @struppigel | X
Investigators additionally highlighted an operational safety failure the place the attackers left their Telegram bot code and tokens uncovered.
There are unconfirmed reviews that OSINT consultants collaborating within the hunt recognized the menace actor as an Argentinian immigrant residing in Miami, Florida.
BleepingComputer has contacted Valve for a touch upon BlockBlasters and the alleged inaction following a number of reviews, however we’ve got not obtained a response by publication time.
The BlockBlasters incident shouldn’t be an remoted one on Steam. Comparable instances earlier this yr embody the Chemia survival crafting sport, Sniper: Phantom’s Decision, and PirateFi, all of which contaminated unsuspecting victims with information-stealing malware.
When you’ve got put in BlockBlasters in your laptop, it is strongly recommended to reset your Steam passwords instantly and transfer your digital belongings to new wallets.
On the whole, it’s advisable to be cautious with Steam video games which have a small variety of downloads and evaluations, and in addition titles in ‘beta’ improvement stage, as these can conceal malware payloads.
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration developments.
