Steam Game Update Becomes Vector for Crypto-Stealing Malware
A popular indie game, BlockBlasters, was compromised through a malicious update on a major gaming platform. The patch secretly installed information-stealing malware designed to harvest sensitive data, including cryptocurrency wallet credentials, browser passwords, and gaming account details. The attack used a multi-stage process involving batch scripts and VBS loaders to disable security software and deploy its payloads. This campaign had real-world consequences, with one player losing a substantial amount of cryptocurrency during a live stream after installing the compromised game. The incident highlights the growing risk of supply chain attacks within the gaming industry, where legitimate software updates are used as a delivery mechanism for malware.