Verified Steam game exposed for robbing streamer's cancer donations

A cancer patient has lost all of their donations after they were convinced to download a verified Steam game, which resulted in them being hacked.

TL;DR: A malware-infected Steam game, BlockBlasters, stole approximately $150,000 from users by harvesting Steam login data and cryptocurrency wallets, including $32,000 from cancer patient streamer Raivo Plavnieks. The game remained on Steam for two months before removal, highlighting ongoing security risks on the platform.

A cancer patient who was looking for donations to put toward their treatment has lost approximately $32,000 in donations after they downloaded a verified Steam game that was on the platform for almost two months.


According to a report from BleepingComputer, BlockBlasters, a 2D platformer title, was on the Steam platform for nearly two months before it was removed for containing malware, a violation of Steam's terms of service. However, the malware-infected game managed to claim a victim before it was removed, and that victim was streamer Raivo Plavnieks, or @RastalandTV.

Plavnieks was trying to raise funds during a livestream for their cancer treatment when a user joined the livestream and got them to download BlockBlasters, which had several hundred "Very Positive" reviews on the Steam Store listing.

"For anybody wondering what is going on with $CANCER live stream... my life was saved for whole 24 hours until someone tuned in my stream and got me to download verified game on @Steam," said Plavnieks.

Crypto investigator ZachXBT spoke to BleepingComputer and said the attackers behind the malicious game have seemingly stolen approximately $150,000 from 261 Steam accounts. However, VXUnderground, a security group that has been following the scandal, is reporting a much higher victim count of 478, and has published a list of the victims' usernames, recommending that they change their account details immediately.

How did the Steam game actually steal money from users? G DATA researcher Karsten Hahn identified a Python backdoor and a StealC payload. Additionally, a research group found a dropper batch script that performs an environment check before it scrapes Steam login information and the victim's IP addresses. Once the data on the user was collected, it was uploaded to a command and control (C2) system.

In a nutshell, the Steam game scraped Steam login info and any other relevant information that was then used to break into cryptocurrency wallets of users. Reports indicate the attackers selected their targets carefully, making sure they had substantial cryptocurrency investments.

Notably, cryptocurrency influencer Alex Becker said he sent $32,500 to Plavnieks in a safe wallet. Steam has yet to comment on the ongoing situation.

As for the attacker, researchers have been able to identify a US-based suspect, an Argentinian immigrant living in Miami, Florida. However, no arrests have been made, nor has any comment been made by authorities.

Furthermore, this isn't the first time Steam has been used as a platform by bad actors to gather information on users, as it was only earlier this year that Valve sent out emails to gamers who downloaded a specific game recommending they reinstall their operating system.