The post Ghosts in the Hypervisor: Mandiant Exposes the 400-Day vSphere Takeover appeared first on Daily CyberSecurity.

The FBI is asking gamers who installed malware-infected Steam games between May 2024 and January 2026 to come forward as part of an ongoing investigation.

The FBI is seeking gamers who downloaded Steam games later found to contain malware. According to a notice from the FBI’s Seattle Division, investigators are trying to identify victims who installed one of eight malicious titles on the platform between May 2024 and January 2026 as part of an ongoing probe.

“The FBI’s Seattle Division is seeking to identify potential victims installing Steam games embedded with malware. The FBI believes the threat actor primarily targeted users between the timeframe of May 2024 and January 2026. In the investigation, several games have been identified to include, BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova.” reads the notice published by the Bureau.

“If you and/or your minor dependent(s) were victimized from installing one of these games or have information relevant to this investigation, please fill out this short form.”

The FBI must identify victims of federal crimes; responses are voluntary but can aid investigations, restitution, and services. Victim identities remain confidential.

“The FBI is legally mandated to identify victims of federal crimes it investigates. Victims may be eligible for certain services, restitution, and rights under federal and/or state law. Your responses are voluntary but may be useful in the federal investigation and to identify you as a potential victim.” continues the notice. “Based on the responses provided, you may be contacted by the FBI and asked to provide additional information. All identities of victims will be kept confidential.”

The FBI questionnaire focuses on cases of cryptocurrency theft and account hijacking linked to malware hidden in Steam games. Victims are asked about compromised accounts, crypto transactions, and stolen funds, and to share screenshots of communications with those who promoted the titles. The bureau said identifying victims is required by law and may enable restitution, adding that all identities will remain confidential.

The FBI asks anyone aware of other victims to have them contact Steam_Malware@fbi.gov.

Steam warned affected players to check for malicious files, run antivirus scans, review software, and consider reinstalling their OS.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, FBI)

A month or so ago a friend of mine received the following message on Steam from someone in their Friends list (they were already friends):

Figure 1 - 'this is for you'

The two links are different and refer to a Gift Card on Steam's community platform. As you might have noticed, the domain is not related to Steam at all, but rather is an attempt at phishing.

 The URLs are:

stermcormmunity[.]com/gift-card/
steamcoummuniity[.]com/gift-card/

The differences are subtle enough that you may just miss it. When you click on the link, you are redirected to a 'Summer Gift Marathon'.

Figure 2 - Fake Steam website

Once you log in to the fake Steam website, your credentials are stolen and will be used to spread more phishing, likely steal your inventory items and so on.

Other phishing sites related to this campaign are:

steam-pubgvn[.]top
steamauthconnection[.]store
steamcommnunity[.]com
steamcommunitay[.]com
steamcommunitfy[.]com
steamcommunitihy[.]icu
steamcommunitiny[.]com
steamcommunitweya[.]art
steamcommunl1ty[.]com
steamcommunllity[.]com
steamcommunty[.]ru
steamcommununity[.]cam
steamcommunutiy[.]com
steamcomnunityty[.]com
steamcomnunlity[.]com
steamcomnuty[.]com
steamcomrnnunlty[.]com
steamcomun1ty[.]com
steamcomuniry[.]com
steamconmunify[.]com
steamconnection[.]store
steamcornmunlty[.]ru
steamcornrnunlty[.]ru
steamlinks-short[.]com
stearncommunjty[.]com
stearncommunnity[.]com
stearncomnunity[.]com
stearncornnunity[.]com
steeamcommunitty[.]com
unevwsteeamcommunitty[.]com 

New ones do pop up from time to time, so stay vigilant. 

Tips