Steam’s malware problem has resurfaced once again in 2025, this time involving BlockBlasters, a free 2D platformer from Genesis Interactive. Despite having passed the platform’s verification process, the game’s update on August 30, 2025, secretly added a malicious file named game2.bat. This script disabled antivirus software stole Steam login credentials and cryptocurrency wallet data, and sent the information directly to a hacker-controlled server. More than 478 players fell victim, losing a combined total of over $150,000.
One of the most heartbreaking cases involved streamer Raivo Plavnieks, known as RastalandTV, who was livestreaming a fundraiser to cover his stage 4 sarcoma cancer treatment. Viewers encouraged him to try BlockBlasters during the stream, but within minutes, $32,000 vanished from his Phantom and Solflare wallets. The theft unfolded live, prompting Rastaland to post on X, “My life had just 24 hours left before I was tricked into downloading a Steam game.” The incident shocked both the gaming and crypto communities.
Security firm G Data reported that BlockBlasters had been available on Steam since July 30, 2025, earning an 88% positive rating from over 6,000 players. However, the malware was introduced in a later update, spreading quickly as hackers ran phishing campaigns targeting streamers and offering payment for promotion. VX Underground revealed that the attackers coordinated via Telegram, with one hacker promising refunds before disappearing. Forensic analysis shows the same group had previously posted requests for 2D game developers and malware creators.
Crypto and gaming communities have since joined forces to trace the perpetrators. Telegram IDs linked to the hackers led to luxury car photos, Linktree pages, YouTube accounts, and Twitter profiles promoting the game to crypto influencers. Within a day, one of the developers was identified through stolen data. Prominent crypto creator Alex Becker even donated $30,000 to help Rastaland continue his treatment, while others launched a support campaign using the $CANCER token on Pump.fun.
This incident is far from isolated. Steam has already faced four major malware breaches in 2025, including PirateFi in February, which stole Steam accounts, Sniper: Phantom’s Resolution in March, which emptied user wallets, and Chemia in July, which was updated with spyware by a group called EncryptHub. These repeated incidents have forced Valve to pull multiple titles from the platform. Security experts continue to warn players about downloading free or early-access games with few reviews and advise performing system scans immediately after installation.
Valve officially removed BlockBlasters from Steam on September 21, 2025, following community outrage. Players are now calling for the platform to introduce stricter malware detection and more robust update verification systems to prevent future attacks.
