10 Times Nasty Malware Hid In Official Video Games

Computer viruses and malware are everywhere. Your PC can contract these malicious scraps of code when you visit infected sites or, more commonly, download compromised files. That's why you should never open attachments in emails from senders you don't recognize, and why you can easily infect your computer by mistake if you're a gamer.

Let's be honest: Nobody wants to pay for games. Many people would rather get a game for free, but that's piracy and technically illegal. More importantly, many hackers love to inject viruses into cracked copies of games. For instance, the Winos4.0 malware, which seized control of computers, spread through infected game applications. While purchasing games can take a sizable chunk out of your wallet, at least you'll never have to worry about accidentally downloading a virus — except when you do. 

Sometimes, developers intentionally insert malware into their games, and at other times, it's the fault of fan-built content and its creators. And once every blue moon, a studio codes a game on a computer infected with a virus and passes it onto you completely by accident. This is why we can't have nice things. Read on to learn about times you thought it was safe to purchase and play games through official channels, but it actually wasn't.

Cheats used to be fun, simple alternate play modes that changed up local multiplayer matches or single-player titles. That all went out the window with competitive multiplayer games. Now, players can give themselves unfair advantages, and some studios are so desperate to eliminate them that they are willing to use a cure that is worse than the disease.

The game "Guild Wars 2" is a popular massively multiplayer online role-playing game (MMORPG) developed by ArenaNet and published by NCSoft. The title is free-to-play with the caveat that anyone who wants to venture past the base classes and locations must purchase expansions. While the game has a robust campaign and cooperative party experience, the meat of the adventure is in the PvP content. As such, some players are so desperate to gain an advantage over others that they download cheat programs. ArenaNet's response? Spyware. No, seriously.

In March of 2018, ArenaNet published an update for "Guild Wars 2" that downloaded spyware onto every computer with an installed copy of the game. The program worked in the background and scanned computer files for apps and executables designed to interact with "Guild Wars 2" and provide users an unfair advantage, also known as a cheat. The overwhelming majority of players considered this a breach of privacy. In the spirit of fairness, this morally controversial decision allowed ArenaNet to unmask and ban almost 1,600 players using cheat engines. Well, allegedly. 

Digital Rights Management (DRM) is one of the dirtiest terms in the video game industry. These tools are supposed to prevent gamers from playing unauthorized (i.e., pirated) copies of titles, but the programs used to enforce this legal compliance range from bloatware that slows down gameplay to actual malware.

The "Microsoft Flight Simulator" franchise is exactly what it sounds like. The series of games lets players fly a variety of aircraft over a simulated recreation of Earth. Gamers can tweak the flying controls to be as arcadey or realistic as they like, but the lion's share of the experience comes from DLC. "Microsoft Fight Simulator" sells licensed planes and airports, and the game even added helicopters and gliders to the catalog. One could easily go bankrupt trying to complete their collection of digital aircraft. Unless someone pirates them, that is. That's why some developers added malware to the game.

In 2018, Flight Sim Labs came under fire for its A320 airliner add-on. No, the DLC wasn't buggy; It contained a malware program that stole usernames and passwords stored in Google Chrome. To make matters worse, Flight Sim Labs founder Lefteris Kalamaras admitted this program was intentionally injected into the DLC to catch software pirates. Kalamaras claimed that the malware didn't pose a threat to players who purchased the DLC legitimately, but since it was, in fact, malware, many players didn't see it that way. And the worst part? Flight Sim Labs was only after one pirate in particular. Talk about using a nuclear option.

Many people assume Apple computers can't get viruses. This is patently false, as a nasty piece of malware was intentionally disguised as a popular macOS app installer. However, the point remains: Computer viruses are limited by the operating systems for which they are designed. Malware programmed for Windows can't infect game consoles. However, they can remain dormant on discs until the right time comes.

The "Atelier" series is a long-running RPG franchise that has many of the hallmarks of JRPGs (turn-based combat, lengthy narrative, earworm music), but its standout feature is a robust crafting system. The first entry, "Atelier Marie: The Alchemist of Salburg," was a Japan-exclusive for the PlayStation. This game was eventually remade and bundled with its sequel, "Atelier Elie: The Alchemist of Salburg 2." to create "Atelier Marie & Elie" on the Sega Dreamcast – again exclusive to Japan. Plus, each disc contained free computer screensavers and wallpapers that users could download. But that wasn't all the PC-exclusive content on the discs.

Every release copy of the game shipped infected with the infamous Kris virus. While the malware is rendered harmless by modern antivirus software, back in the day, the program could delete one's computer BIOS, leaving it unable to boot. How did the virus end up on Dreamcast game discs? The running theory is that a game coder's work PC was infected, and the malware was passed onto the master disc and every game disc burned in its image. Of course, because of how the Kris virus functioned, it couldn't affect Dreamcasts, but it rendered the free screensaver and wallpaper moot.

You can weather most viral outbreaks through quarantine. The same applies to most computer viruses — you can't get sick if you don't contact anyone who's infected. If you don't download the infected files, your computer can't contract the digital disease. That strategy goes out the window when dealing with viruses that can hide in the most innocuous mediums.

"Minecraft" is one of the biggest franchises out there. The IP began as a simple game about mining and crafting in a world made up of blocks, but quickly evolved into a multimedia juggernaut that includes board games, movies, and spin-offs, including a dungeon crawler. In the base game, players can show off their personalities with intricate creations or by wearing skins they can either purchase in the store or create themselves. However, skins weren't always just cosmetic.

In April of 2018, almost 50,000 "Minecraft" players found their computers infected with a nasty PowerShell script. This program was hidden in PNG files used to customize "Minecraft" character skins. While the malware was simple in design, once activated, it reformatted hard drives and even deleted backup data. This sounds bad enough, but the virus's sinister brilliance came from its source. The PNG files that housed the PowerShell script originated from the official "Minecraft" website, so anyone who downloaded them probably thought virus software detections were false positives. Thankfully, Mojang patched out the ability to inject superfluous information into PNG files uploaded to the website. Talk about hiding in plain sight.

While many games are curated experiences, some rely on players to create content. Some of the best modern developers began by modding games and developing their own levels, models, and scripts. However, this Wild West approach to development is potentially ripe for abuse.

Less an actual game and more a physics sandbox, "Garry's Mod" lets players fool around with assets from Valve's Source engine. However, the real fun begins when owners download add-ons created by other users. Then they can play as characters from unrelated games and even join custom game modes such as "Trouble in Terrorist Town" and "Prop Hunt." However, some add-ons won't work unless users download other add-ons, so it's easy to just autopilot through downloads and forget how many one owns. This can prove problematic if a developer goes rogue.

In June of 2022, many "Garry's Mod" players were greeted by an unwelcome surprise: Every time they tried to move, the game blared a loud scream in their speakers (or headphones) and displayed a graphic NSFW image that took up their entire screen. The culprit was none other than Glue Library, an add-on designed to make more complex add-ons cooperate with "Garry's Mod." The developer had quietly updated the program, installing a profane prank that spread like a virus. Either Glue Library's new code infected other add-ons, or demented developers transformed their mods into NSFW jumpscares. You can't find the infected add-ons, but this scare has made gamers pay closer attention to the add-ons they install.

You don't have to buy free-to-play titles, but progression is usually downright glacial (and sometimes requires an expansion pack), and the best cosmetic skins are often locked in the cash shop. And these are best-case scenarios. In the worst-case scenario, a free-to-play game is only free because the developers want as many users as possible.

The game "PirateFi" was advertised as a free-to-play survival game by Seaworth Interactive. Players could explore the digital seas in search of treasure and glory, either alone or with a crew. The gameplay loop revolved around scavenging for food and materials, using them to build bases and set up farms, and then striking out against rival pirate crews when ready. Sounds pretty standard for a survival title, but as it turns out, the game's true pirate theme came not from the content but from the flies.

Days after "PirateFi" was released, Valve removed the game and began sending messages to anyone who had downloaded it, stating that it contained suspected malware. Valve customer service did not elaborate, but some users stated that the game carried "Trojan.Win32.Lazzzy.gen," which, when unpacked, stole browser cookies. For those unfamiliar, browser cookies store user information on websites, including the pages visited and login credentials. According to players, the internet pirates at Seaworth Interactive did everything from changing login credentials to stealing money. Only 800 people played "PirateFi," but that's still 800 too many.

While many games are released on Steam as finished products, many have recently launched as unfinished early access titles, offering only an early build and the developer's promise of eventual completion. Some deliver on the developer's promise (and more), while others are eventually abandoned. One could argue whether it makes sense to use such games as a vector for malware, but that's neither here nor there once it has already happened.

"Chemia" was a survival game (a common trait in the early access world) that takes place in a post-apocalyptic world ravaged by disaster. The goal was to scrounge for resources, survive, and "uncover the mysteries of a shattered world." Since it was released in an early access state, players had to purchase it to try what was essentially an early alpha or beta build. However, buying a game is no guarantee of safety.

The threat intelligence company Prodaft detected that a hacker, known as EncryptHub (alternatively referred to as Larva-208), injected HijackLoader and Fickle Stealer malware into the game files. While Fickle Stealer is designed to copy data, such as cookies, account credentials, and cryptocurrency wallets, from web browsers, HijackLoader is a little more sinister, as it maintains the virus's presence on the host computer. And unlike most malware, these malicious programs have a minimal impact on computer performance, leaving victims none the wiser. 

Ask anyone who uses Steam, and even if they like the storefront, they will probably admit it has a vetting problem. Steam sells so many games that even an army of QA testers couldn't check them all for quality or stability. Heck, quite a few viruses disguised as games have snuck past Steam's censors. But sometimes, it's not Steam's fault.

The game "BlockBlasters" (not to be confused with "Block Busters") was initially marketed as a 2D platformer with pixel graphics. The game wasn't complicated, only requiring players to jump and dodge hostile crabs. But it was free. Plus, according to early reviews, most people enjoyed the game. However, back then, "BlockBlasters" was 100% virus-free.

On August 30, 2025, the developer of "BlockBlasters," Genesis Interactive, showed its true colors when it pushed out an update that added malware such as Trojan Stealer Batch files and VBS Loaders to the game files. Not only did the malicious patch steal account information from hundreds of users, but it also added exemptions to antivirus programs so the malware could fly under the radar. While the malware was detected in August, most people didn't take notice until the Latvian streamer Raivo "Rastaland" Plavnieks was tricked into installing the game while raising cryptocurrency to help treat his rare form of sarcoma cancer. The "BlockBlasters" malware stole over $31,189 worth of Solana from Plavnieks and more than $150,000 in total from all its victims. Valve came under fire for letting "BlockBlasters" linger on Steam, but this is hardly the first time a dangerous malware program spread for weeks unabated.

Before Valve let developers publish incomplete games on Steam as Early Access titles, the company tried to democratize its digital storefront through the Steam Greenlight service. Users could vote on the next games to be published through Steam. Without Steam Greenlight, we wouldn't have titles like "Undertale" (or its surprise sequel, "Deltarune"). However, like early access titles, Steam Greenlight was ripe for abuse, leading to scams and, more importantly, malware.

Very little information remains about the game "Dynostopia" and the malware that made it infamous, as the person behind it has attempted to erase all data about the incident from the internet. However, we do know for certain that when activated, the game's malware turned on connected webcams and hijacked the Steam accounts of players to leave positive reviews and upvote the title. However, according to some users, that was just the tip of the iceberg. Some unlucky gamers reported that the virus locked them out of their computers, and if they restarted their PCs, the virus deleted their data and desktops.

While only a few hundred people were affected by the virus at most, it still exploited Steam Greenlight's systems to infect other users through word of mouth, essentially. Things could have been worse; Some users theorized that the virus ran off a stock packet that might have included more malicious functionality than was ultimately utilized. "Dynostopia" is certainly the most destructive title to come out of Steam Greenlight, but it is far from the most infamous — that dishonor remains with "The Slaughtering Grounds."

If a multiplayer title gets popular enough, it might enter the world of e-sports. Several associations support these games and their participants, helping them grow while also organizing competitions and ensuring matches are fair. However, sometimes methods are more unsavory than one might think.

The E-Sports Entertainment Association League (ESEA League) was a competitive e-sports video game platform that hosted and organized league tournaments for the game "Counter-Strike: Global Offensive" ("CS:GO"). In its prime, the ESEA League attracted players with cash prizes, a bustling community, and most importantly, low-ping servers and a robust anti-cheat client. 

The ESEA League client caught many cheaters, but only because the program was a steaming pile of spyware. In April of 2013, a rogue employee added Bitcoin mining functionality to the official ESEA League client. The ESEA League had been internally experimenting with the notion of turning clients into Bitcoin excavators — all above board, mind you. The company abandoned the project, but this lone employee decided to continue testing the code and use ESEA League client users as unwilling guinea pigs. While the employee generated $3,713 worth of Bitcoin, they never saw a single cent; It was all donated to the American Cancer Society. The ESEA League also threw in an additional $3,713 from its savings.