Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, that targets user accounts on popular online gaming platforms.
The advanced stealer is being sold on darknet forums. It is used to steal gamers’ accounts on popular gaming platforms such as Steam, Epic Games Store, and EA Origin, Kaspersky said.
BloodyStealer’s features include avoiding analysis and detection, a low subscription price, and some other interesting capabilities.
As demonstrated in the latest Kaspersky research, in-game goods and gaming accounts are in demand on the darknet.
Combinations of gaming logins and passwords to popular platforms such as Steam, Origin, Ubisoft and EpicGames can be put up for sale for prices as low as $14.2 per thousand accounts when sold in bulk, and for 1-30 per cent of an account’s value when sold individually.
“These stolen accounts do not come from accidental data leaks, but are the result of deliberate cybercriminal campaigns that employ malware such as BloodyStealer,” it said.
“BloodyStealer is a Trojan-stealer capable of gathering and exfiltrating various types of data, for cookies, passwords, forms, banking cards from browsers, screenshots, log-in memory, and sessions from various applications. These include gaming ones – EpicGames, Origin, and Steam in particular,” it added.
Kaspersky researchers first spotted the malware in March, when it was advertised as being capable of evading detection and protected against reverse engineering and malware analysis in general. It is sold on underground forums at a price of less than $10 for a one-month subscription period or $40 for a lifetime subscription.
The malware stood out to researchers owing to the several anti-analysis methods used to complicate its reverse engineering and analysis, including the use of packers and anti-debugging techniques.
“The stealer is sold on the underground market and customers can protect their sample with a packer they prefer or use it as part of another multi-stage infection chain,” it explained.
Kaspersky experts detected attacks using BloodyStealer in Europe, Latin America, and the Asia-Pacific region.
While BloodyStealer is not made exclusively for stealing game-related information, the platforms it can target indicate the demand for this type of data among cybercriminals. Logs, accounts, in-game goods – all of these game-related products are sold on the darknet in bulk or individually for an attractive price.
“Despite the fact that cybercriminals have various options available if they want to buy or rent a stealer and use it afterwards in their attack chain, BloodyStealer has definitely attracted some attention among users on one of the underground forums,” Dmitry Galov, a security researcher at Kaspersky’s Global Research and Analysis Team, commented.
“This stealer has some interesting capabilities, such as extraction of browser passwords, cookies, and environment information. The developers behind this stealer also added capabilities, such as grabbing information related to online gaming platforms. This information can then be sold on different underground platforms or Telegram channels that are dedicated to selling access to online gaming accounts,” Galov said.
“Gaming accounts are clearly hunted by cybercriminals, so if you want to enjoy gaming peacefully and not worry that your in-game credit or accounts will be gone, make sure you protect your account through two-factor authentication and use a reliable security solution to protect your devices,” Galov added.