BlockBlasters Steam Patch Hides Malware, Steals Data

A malicious update disguised as a routine BlockBlasters Steam patch has exposed hundreds of users to a data-stealing malware campaign. The infected update, released on August 30, 2025, targeted players of the 2D platformer developed by Genesis Interactive, turning a trusted download into a vehicle for cyber intrusion.

Security analysts at G Data discovered the malware after detecting suspicious activity linked to the BlockBlasters Steam patch. Attackers bypassed Steam’s defenses and deployed a three-stage infection process that started with a batch file collecting IP addresses and antivirus data.

Subsequent payloads extracted browser credentials, Steam login details, and cryptocurrency wallet information. The malware used encrypted ZIP files and scripts to remain hidden, finally launching two programs: a backdoor and the StealC stealer. It also disabled Microsoft Defender alerts by altering exclusion paths.

The campaign reflects a broader trend of threat actors exploiting gaming platforms for high-value data theft.

Read the full report at: https://cybersecuritynews.com/blockblasters-steam-game-downloads-malware/