404 Media

2025-09-23 12:53:03

Steam Hosted Malware Game that Stole $32,000 from a Cancer Patient Live on Stream

A cancer patient lost $32,000 in crypto after installing a Steam game on his computer containing malware that drained one of his crypto wallets. Raivo Plavnieks is a 26 year old self-described “crypto degen” from Latvia who streams on the site Pump.fun under the name Rastaland. After a seven hour stream on September 20, Plavnieks logged off and cashed out his earnings from the stream.. Literally seconds later, someone drained those earnings from his wallet, according to an archive of the livestream and blockchain records reviewed by 404 Media.

Plavnieks had installed a game called BlockBlasters, a 2D platformer listed on Steam that launched July 31, 2025 to a small audience who’d given it positive reviews. But the game was a scam and an August patch injected malware into the game that was meant to scan a user’s hard drive for data and, ultimately, their crypto. BlockBlasters is no longer listed on Steam and has been flagged as malicious by the independent Steam archiving site SteamDB. Valve did not respond to 404 Media’s request for comment.
playlist.megaphone.fm?p=TBIEA2…
The cyber security firm G Data CyberDefense dug into BlockBlasters and detailed how the software got access to user’s crypto. SteamDB’s archive of the game’s patches shows 3 files added in the August 30 patch: game2.bat, and two zip files. According to the G Data writeup, the batch file collected information on the user’s machine and then unpacked the zip files. “The two VBS scripts that ‘game2.bat’ executes are batch file loaders,” G Data said. As the scripts run, they inject more malware into the user’s machine and eventually go after the data and extensions of Chrome, Brave, and Microsoft Edge browsers, the company said.

This is at least the third time this year Valve has pulled a game from Steam after it turned out to contain malware. In February, Valve pulled the survival game PirateFi after users discovered it contained password stealing malware. A month later, in March, people who tried to download a demo for Sniper: Phantom's Resolution were redirected from Steam to GitHub for the installer. Once again, it was malware.

Plavnieks' experience gave the BlockBlasters situation a higher profile than PirateFi and Sniper: Phantom’s Resolution. Footage of emaciated and exhausted Plavnieks sobbing on his livestream while one of his brothers attempted to soothe him struck a nerve with some in the crypto and security community online. The crypto space is full of rug pulls, burns, bad investments, and wild stunts, but stealing from a guy with cancer seemed like a bridge too far.

In addition to the G Data writeup, several other people have reverse-engineered BlockBusters code and, they believe, found the people responsible. “The shitty malware sent all the stolen data to a Telegram the scammers made,” vx-underground, a group of malware researchers, said in a post on X. “We connected to the Telegram channel using the same credentials that were inside of the shitty malware. Inside the channel was the scammer(s). We got their Telegram IDs.”

According to Plavnieks, he was able to get his creator rewards sent to a new (and safe) crypto wallet in the future. Cryptocurrency personality Alex Becker sent Plavnieks $32,000 to cover the cost of the losses. And a group of open-source intelligence hobbyists and interested tech folks dug into BlockBlasters code, figured out the scheme, built a list of alleged victims, and also found the people they think are responsible for the scam.

“I wanted to take a second and just thank you all from the bottom of my heart, me, my brothers, and my mom is completely left without words on all the support we have received past 24h after the hack happened,” Plavineks said in a post on X. “Seems like the whole [community] rallied together behind my story and is showing support one way or another.”

BlockBlasters update for 30 August 2025

List of changed files in BlockBlasters on Steam for build id 19799326.

^SteamDB