Streamer raising funds for cancer care loses $32,000 to Steam game malware thanks to “appalling levels of vetting”

This week, a streamer attempting to raise money for their own cancer treatment instead lost $32,000 to malware added to a new Steam game after release. The Steam game, BlockBlasters, has now been yanked from sale, and the malware distributors have reportedly been identified and confronted by free-roaming cybersecurity nerds. The streamer in question, RastalandTV, has also been compensated for the theft. It’s a happier ending than you often get from malware infection stories, and a reminder to be wary of random free games on Steam.

Created by first-time Steam developer Genesis Interactive and published on 31st July, BlockBlasters is/was a free-to-play 2D action platformer about beating up crab monsters. As reported by PCGamer and shared in this week’s Maw by MiniMatt, RastalandTV downloaded the game after being prompted to do so in his stream chat. RastalandTV noticed the scam right in the middle of his fund-raising stream – be warned that the saved clip is very distressing.

As reported by cybersecurity site G Data, BlockBlasters appears to have been updated with malware after launch. It was patched on August 30th with a batch file whose functions include gathering Steam login details together with IP and location info, and searching for installed anti-virus products.

Having carried out these functions, G Data report, the batch script then executes scripts from password-protected archives (whose contents can’t, apparently, be detected during download) which record the user’s browser extensions and crypto wallet information, amongst other things. I suspect I’ve made a hash of summarising G Data’s analysis, so maybe read the rest on there.

Cryptocurrency investor Alex Becker has donated $30,000 to RastalandTV, so he’s at least recovered the bulk of the money for his cancer treatment. Meanwhile, vxunderground and other “open source intelligence” peeps claim they have used Telegram credentials inside the malware to track down the scammers and investigate their social media feeds. They say they’ve contacted one of the malware distributors, who initially promised to return the money, then “nuked everything” instead.

A few of the internet sleuths have put together a report that accuses Valve of “appalling levels of vetting”. The report also suggests that the game may have been deliberately developed to serve as a Trojan horse for the malware, given that one of the alleged scammers was at one point “looking for a video game programmer to make a basic 2D game”.

Another streamer has reported losing $15,000 to the BlockBlasters malware. A third says the scammers have been approaching various people in chat, trying to get them to download the game. Thousands of Steam users own BlockBlasters, according to a SteamDB.info estimate, and G Data say that hundreds may have downloaded the malware update. The site also claims that there has been “a rise in malware infections” from Steam games this year, citing another free-to-play title, PirateFi, and early access game Chemia.

Other than removing the game from Steam, Valve have yet to acknowledge or comment on the BlockBlasters story. I’ll ask them if they have anything to share right now about Steam security procedures.
