Online security firm Kaspersky, maker of one of the best antivirus software options out there, has emphasized over the past few years that gaming accounts are an extremely attractive target for the bad guys. For example, last month it reported that 5.8 million malware attacks were blocked “disguised as popular PC games” in 2020, adding that such attacks “have skyrocketed with the introduction of bans”.
Kaspersky is now warning of a new Trojan that it discovered earlier this year. which bears the charming name Bloodystealer. It targets accounts on EA Origin, Steam, Epic Games, GOG and other game services and aims to scrape off session data and passwords along with information like bank card details, device details, screenshots and other files.
“We noticed that most of the programs listed are game-related, which suggests that player accounts and their content are in demand in the underground market.” writes Julia Glazova from Kaspersky.
BloodyStealer is the kind of thing script kiddies are drawn to, cheap, high-volume malware that sells for $ 10 / month or $ 40 for a “lifetime” license, according to Kaspersky (I love the idea that malware has a license). The main target, apparently, is databases of login information, and the scraped information is sold in bulk (for example, below is a screenshot of a seller offering 65,600 logs broken down by region for $ 150) or accounts can be sold individually sold if they are of unusual value (lots of games, expensive in-game items, etc.).
The Kaspersky Boffins are worryingly impressed with the relative sophistication of Bloodystealer, especially given its low cost. A full breakdown of how it exploits its unfortunate victims You will find here.
“In the gaming industry, user data is still in high demand, but at much cheaper prices than in the past, as attackers successfully leverage the malware-as-a-service model to generate revenue and reduce costs when the offer increases ”says
Sam Curry, Chief Security Officer at Cyber season, an online security company. Then he starts to sound a bit like a Metal Gear Solid boss. “Overall, the number of identity compromises at this point in time is more than ten times greater than that of the world’s population, and yet life goes on. The unthinkable has become everyday and routine.”
The advice of people who know what they are talking about is always the same. Use strong passwords, enable two-factor authentication for accounts that have this option, and carefully review website URLs. Never click on links or attachments from unknown sources and in the worst case, report it to law enforcement immediately. Here is the Kaspersky tutorial too Protecting Your Steam Account.
Most importantly, don’t think that this is not going to happen to you or that your account is not worth stealing: malware is ubiquitous and constantly evolving. When something as cheap as this is able to spread around the world like this, failing to protect your account information only guarantees it will end up on a list in the dark corners of the web.