Husain Parvez
Published on: October 3, 2025
Valve has pulled the 2D platformer BlockBlasters from Steam after a malicious update enabled it to steal over $150,000 in cryptocurrency from users, including $32,000 from a Latvian streamer raising funds for cancer treatment. As reported by BleepingComputer and confirmed by malware researchers at G Data, the game was originally published on July 30, 2025, by Genesis Interactive and appeared legitimate, even earning more than 200 “Very Positive” reviews.
But a patch released on August 30 silently injected a cryptostealer, which began exfiltrating sensitive data such as crypto wallets, Steam credentials, browser extensions, and IP information from users’ machines. The campaign appears to have been targeted, with vx-underground reporting that “the Steam game was actually a cryptodrainer masquerading as a legitimate video game” and that some streamers were approached with fake promotional offers.
G Data’s analysis of the infected patch found a staged malware structure starting with a batch script named game2.bat, which checked for antivirus tools, harvested user information, and uploaded the data to a remote C2 server. Additional scripts (launch1.vbs, test.vbs) and executables (Client-built2.exe, Block1.exe) then loaded a Python-based backdoor and the StealC info-stealer. The malware added folder exclusions to Microsoft Defender and hid its actions behind the game’s launcher.
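A triage sketch for the staging behaviour described above, added here as an example and not taken from G Data's analysis: it matches the reported file names against a host file inventory and shows which Microsoft Defender folder exclusions cover the matches. The function names, inventory and exclusion lists are constructed for illustration; on a real host the exclusion list would come from the Defender configuration, for example `Get-MpPreference`.

```python
from pathlib import PureWindowsPath

# File names G Data reported in the malicious patch (taken from the article).
# A name match is only a triage lead: names like test.vbs are common.
STAGE_NAMES = {"game2.bat", "launch1.vbs", "test.vbs",
               "client-built2.exe", "block1.exe"}


def _norm(path):
    # Windows paths are case-insensitive; compare lower-cased.
    return PureWindowsPath(path.lower())


def staged_file_hits(inventory):
    """Return inventory paths whose file name matches a reported stage name."""
    return [p for p in inventory if _norm(p).name in STAGE_NAMES]


def covering_exclusions(hits, exclusions):
    """Map each Defender folder exclusion to the hits inside it (any depth)."""
    covered = {}
    for excl in exclusions:
        folder = _norm(excl)
        inside = [h for h in hits if folder in _norm(h).parents]
        if inside:
            covered[excl] = inside
    return covered


# Constructed sample data: hypothetical paths, not values from the report.
SAMPLE_INVENTORY = [
    r"C:\Games\ExampleTitle\launcher\game2.bat",
    r"C:\Games\ExampleTitle\launcher\Client-built2.exe",
    r"C:\Games\ExampleTitle\assets\level1.dat",
    r"C:\Users\demo\Documents\notes.txt",
]
SAMPLE_EXCLUSIONS = [r"C:\Games\ExampleTitle\Launcher", r"C:\Tools"]

if __name__ == "__main__":
    hits = staged_file_hits(SAMPLE_INVENTORY)
    for folder, files in covering_exclusions(hits, SAMPLE_EXCLUSIONS).items():
        print(f"excluded from scanning: {folder}")
        for f in files:
            print(f"  stage-name match: {f}")
```

A stage-name match sitting inside an excluded folder is the combination worth escalating, since the exclusion means Defender never scanned that file.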
Latvian streamer Raivo Plavnieks (RastalandTV), who has stage 4 cancer, said he was infected during a live fundraiser. “For anybody wondering what is going on … my life was saved … until someone tuned in my stream and got me to download verified game on @Steam,” he posted on X.
Steam removed BlockBlasters on September 21. The incident follows a growing pattern of malware-laced games slipping past Valve’s initial screening, including Chemia and PirateFi. G Data noted that “hundreds of users are potentially affected” by the BlockBlasters campaign, which used password-protected archives and deprecated RC4 encryption to bypass detection.
As of early September, the game still had active players and was flagged as suspicious on SteamDB, reinforcing concerns about malware threats on mainstream game platforms.