Support NeoGAF

R6Rider · 2025-09-22T20:53:13+0100

Infected Steam game downloads malware disguised as patch

A 2D platformer game called BlockBlasters has recently started showing signs of malicious activity after a patch release on August 30. While the user is playing the game, various bits of information are lifted from the PC the game is running on - including crypto wallet data. Hundreds of users...

www.gdatasoftware.com

First saw this on Reddit.
Reddit Post

The game is called BlockBlasters.

SteamDB has a warning on the game page:

https://steamdb.info/app/3872350/charts/

nial · 2025-09-22T20:59:19+0100

People are just so shit, man.

R3TRO · 2025-09-22T21:00:11+0100

Almost makes me want to stay away from small indie games.

Gamer_By_Proxy · 2025-09-22T21:02:26+0100

But is the game any good? Can't find it on Steam anymore.

The_hunter · 2025-09-22T21:03:19+0100

Only 8 users peak.

calistan · 2025-09-22T21:05:27+0100

The post-console launch patch for Ready or Not was like some sort of malware. Uninstalled the shit out of that game immediately.

peronmls · 2025-09-22T23:20:40+0100

Why keep the game up? Should the Steamdb Staff have them sort out this issue instead of making a warning?

ScHlAuChi · 2025-09-22T23:25:46+0100

Valve makes billions in profit and cant even check the damn games for malware?
Good job Gaben!

bender · 2025-09-22T23:27:47+0100

ScHlAuChi said:
Valve makes billions in profit and cant even check the damn games for malware?
Good job Gaben!

Running Casinos for children is time consuming.

DownLikeBCPowder · 2025-09-22T23:28:29+0100

peronmls said:
Why keep the game up? Should the Steamdb Staff have them sort out this issue instead of making a warning?

This is what I would think.. odd!

Nocty · 2025-09-22T23:28:59+0100

Not a good look for Valve at all.

adamsapple · 2025-09-22T23:30:25+0100

Get your shit together, Gabe.

Soodanim · 2025-09-22T23:33:54+0100

Average estimated owner count of 6.7k. Was this free? Peak concurrent of 8 means this wasn't exactly high on anyone's list, thankfully.

Valve scanning should be a standard thing, I'd say.

Edit: Valve do have some sort of screening, it seems:

These threat actors bypassed initial security screening from Valve which allowed the deployment of malicious patches and infected multiple users of the platform. Now we observed a similar case in another Steam-released game called BlockBlasters, further highlighting the ongoing risks to players.

Bojji · 2025-09-22T23:36:03+0100

adamsapple said:
Get your shit together, Gabe.

Soodanim · 2025-09-22T23:47:54+0100

Link in the article takes you to this:

thicc_girls_are_teh_best · 2025-09-22T23:59:32+0100

Soodanim said:
Link in the article takes you to this:

Yeah, this was really sad to see having happened; it hurts seeing people get screwed over like this, especially those in situations like him. Hope the dude can get the money back somehow through new donations and more secure crypto wallet/bank. Whoever made the "game" should be located and legally charged, sentenced with some heavy prison time and have all their assets and (likely additional) stolen money seized. Complete shitheads.

But also yeah, Valve need to really crack down on this. It does suck for them that sleazy, fake puritanical payment processors are trying to force Steam into censorship (tho some of the "games" clearly about & simulating sex assault only for pleasure needed to get yeeted, IMHO), but Valve should hopefully be able to deal with those losers while also actively cracking down on devs disguising malware and crypto draining programs as games on the storefront.

//DEVIL// · 2025-09-23T00:02:04+0100

"hundreds of users are affected "

rkofan87 · 2025-09-23T00:19:08+0100

R3TRO said:
Almost makes me want to stay away from small indie games.

same

MrTroubleMaker · 2025-09-23T00:35:43+0100

It was removed from steam.

Sophist · 2025-09-23T00:46:25+0100

ScHlAuChi said:
Valve makes billions in profit and cant even check the damn games for malware?
Good job Gaben!

It's hard to check without the source code. Especially that most anti-cheats are no different than malwares.

ScHlAuChi · 2025-09-23T01:46:52+0100

Sophist said:
It's hard to check without the source code. Especially that most anti-cheats are no different than malwares.

What a weak excuse, Valve could simply hire a large team of testers to check for that stuff.
But they dont want that!

The_hunter · 2025-09-23T01:51:11+0100

Sophist said:
It's hard to check without the source code. Especially that most anti-cheats are no different than malwares.

IOS and mac sandbox everything.

Best advice is to only download software with a lot of downloads, or a reputable developer.

coffinbirth · 2025-09-23T02:01:45+0100

It's not the first, and certainly won't be the last. Been a thing for years.

They snagged 907 crypto wallets with just this one game, allegedly.

Gripsx · 2025-09-23T02:37:52+0100

another reason to never use auto-update for any type of software

Reizo Ryuu · 2025-09-23T02:43:50+0100

thicc_girls_are_teh_best said:
Hope the dude can get the money back somehow through new donations and more secure crypto wallet/bank.

someone in the comments immediately sent him what he lost in crypto to replace it.

Draugoth · 2025-09-23T02:47:18+0100

Point Clicker is also a scam, and people are still clicking cookies thinking they will earn hundreds for some reasn

Generic · 2025-09-23T02:51:48+0100

Tim would never allow this.

March Climber · 2025-09-23T02:54:05+0100

R3TRO said:
Almost makes me want to stay away from small indie games.

If you want to be safe, check and see if it's on mobile app stores first, then read the reviews.

--If not--

If you want to be safer, mainly buy indie games that were ported to console.

--If not--

If you want to be the safest, wait for more than 10 user reviews before buying anything.

coffinbirth · 2025-09-23T03:10:11+0100

March Climber said:
If you want to be safe, check and see if it's on mobile app stores first, then read the reviews.

--If not--

If you want to be safer, mainly buy indie games that were ported to console.

--If not--

If you want to be the safest, wait for more than 10 user reviews before buying anything.

These scam games, including this one, have tons of fake positive user reviews.

These types of scams are impossible to differentiate from legit games on the surface, and unless you have access to the source code AND you know what to look for, something that end users of these scams aren't typically privy to, you'd be none the wiser.

The "safest" way to avoid malware like this is by not downloading trash you've never heard of. Search the game on youtube. If no one has played it, I would consider that a giant red flag.

March Climber · 2025-09-23T03:32:21+0100

coffinbirth said:
The "safest" way to avoid malware like this is by not downloading trash you've never heard of. Search the game on youtube. If no one has played it, I would consider that a giant red flag.

This sounds like a good option #4.

Have malware games like this made it to consoles?

Support NeoGAF

Infected Steam game downloads malware disguised as patch

Gold Member

Member

Member

About to beat off

Gold Member

Member

Member

Member

What time is it?

Member

Member

Or is it just one of Phil's balls in my throat?

Gold Member

Gold Member

Gold Member

Member

Member

Gold Member

Member

Member

Member

Gold Member

Member

Member

Gold Member

Gold Member

Member

Gold Member

Member

Gold Member

Similar threads