BloodyStealer Is A New Trojan Targeting Gamers And Their Steam, GOG, Epic Accounts


Researchers from security firm Kaspersky have issued a warning about a new malware called BloodyStealer, which supposedly targets and scrapes data from users’ accounts on EA Origin, Steam and the Epic Games Store for resale on the dark web.

The malware is being sold and advertised on darknet forums, according to Kaspersky, with the specific purpose of scraping people’s session data and passwords for clients like Steam, GOG, the Bethesda Launcher, Epic and more. It was first spotted by the security firm’s researchers in March this year, with posts advertising the tool for around a $US40 lifetime subscription or under $US10/month.


BloodyStealer also stood out for its technical construction, with a range of anti-debugging techniques and other methods built into the tool to make it harder to analyse and reverse engineer. The tool scrapes what it can and then sends all data to a server, which can reportedly be accessed via Telegram or a dark web panel, with the capacity to further onsell the information.

“Both C&C servers are placed behind Cloudflare, which hides their original IPs and provides a layer of protection against DDoS and web attacks,” Kaspersky’s researchers claimed.

It’s not the only instance of gamers and gaming accounts being targeted. Stolen accounts are a huge market on the dark web, with hackers often selling packages of logs (which might include saved browser cookies, desktop screenshots or other data) or actual game keys and in-game items themselves.

“With its interesting capabilities, such as extraction of browser passwords, cookies, and environment information as well as grabbing information related to online gaming platforms, BloodyStealer provides value in terms of data that can be stolen from gamers and later sold on the darknet,” Kaspersky warned.

As is always the case, there are some good basic measures you can take to avoid having your account compromised:

  • Don’t buy dodgy keys from unauthorised resellers;
  • Enable two-factor authentication wherever you can;
  • Be wary of any strange or unrecognisable messages from new accounts you get on platforms like Steam, and do not click on their links;
  • Also don’t click on links, or copy-paste links to sites, that appear in-game.

The researchers note that while cybercriminals always take a risk when trying to make money this way, they’re betting that they’ll capture some users who are looking to save a few extra dollars on their games. Don’t fall into that trap; there’s always a legitimate sale around the corner, and plenty of good free games to play or trial online that won’t compromise your data.

“As games offer users plenty of in-game goodies and even feature their own currencies, gaming accounts are of particular interest to cybercriminals,” Kaspersky wrote.

Comments

  • “It was first spotted by the security firm’s researchers in March this year, with posts advertising the tool for around a $US40 lifetime subscription or under $US10/month.”

    4 months worth for a lifetime subscription? That’s a steal, considering how much lifetime software subscriptions are nowadays! Surely they didn’t mistype 400 as 40?

    • Not if your plan is to get people to buy the lifetime. So advertising it for 4x the amount of money you’d pay for a month absolutely sounds like a steal and the option that offers the best value.

      Not only have they created the tools to farm the logins, they have the marketing skills to go with it!

    • You are talking about legitimate software subscriptions where the consumer can believe on reasonable grounds that the company isn’t going to disappear overnight. The article is about illegal malware which all vulnerable companies (with any sense) are scrambling to develop a security patch against. Why would you pay a $400 lifetime subscription for a tool which might become completely useless tomorrow?
