A gamer suffered a significant financial loss after downloading the BlockBlasters game from Steam, resulting in $32,000 being drained from his cryptocurrency wallet. The game, published by Genesis Interactive, was compromised on August 30 when a malicious cryptodrainer component was added to its code.
The malicious component was discovered during a live fundraising stream by RastalandTV, a streamer who was using the game. Following the discovery, the game was removed from Steam. RastalandTV subsequently started a GoFundMe campaign to raise funds for cancer treatment, which garnered significant support after the incident came to light.
The impact of the malicious software extended beyond the initial victim, with attackers stealing a total of $150,000 from 261 Steam accounts. Crypto influencer Alex Becker came to RastalandTV’s aid by sending $32,500 to cover the loss incurred due to the hack. According to VXUnderground, the attack affected 478 victims in total, who were advised to reset their passwords as a precautionary measure.
Further analysis by researchers revealed the technical details of the attack, including the use of a dropper batch script, a Python backdoor, and a StealC payload, as documented by GDATA researchers. OSINT experts were able to identify the threat actor behind the attack as an Argentinian immigrant residing in Miami, Florida.
This incident is not an isolated case, as similar instances of malware-infected games on Steam have been reported earlier this year. In light of this, users who installed BlockBlasters are strongly advised to take immediate action to secure their information by resetting their Steam passwords and transferring their digital assets to new wallets.
