Researchers from security firm Kaspersky have issued a warning about a new malware called BloodyStealer, which supposedly targets and scrapes data from users’ accounts on EA Origin, Steam and the Epic Games Store for resale on the dark web.
The malware is being sold and advertised on darknet forums, according to Kaspersky, with the specific purpose of scraping people’s session data and passwords for clients like Steam, GOG, the Bethesda Launcher, Epic and more. It was first spotted by the security firm’s researchers in March this year, with posts advertising the tool for around a $US40 lifetime subscription or under $US10/month.
BloodyStealer also stood out for its technical construction, with a range of anti-debugging techniques and other methods built into the tool to make it harder to analyse and reverse engineer. The tool scrapes what it can and then sends all data to a server, which can reportedly be accessed via Telegram or a dark web panel, with the capacity to further onsell the information.
“Both C&C servers are placed behind Cloudflare, which hides their original IPs and provides a layer of protection against DDoS and web attacks,” Kaspersky’s researchers claimed.
It’s not the only instance of gamers and gaming accounts being targeted. Stolen accounts are a huge market on the dark web, with hackers often selling packages of logs (which might include saved browser cookies, desktop screenshots or other data) or actual game keys and in-game items themselves.
“With its interesting capabilities, such as extraction of browser passwords, cookies, and environment information as well as grabbing information related to online gaming platforms, BloodyStealer provides value in terms of data that can be stolen from gamers and later sold on the darknet,” Kaspersky warned.
As is always the case, there are some good basic measures you can take to avoid having your account compromised:
- Don’t buy dodgy keys from unauthorised resellers;
- Enable two-factor authentication wherever you can;
- Be wary of any strange or unrecognisable messages from new accounts you get on platforms like Steam, and do not click on their links;
- Also don’t click on links, or copy-paste links to sites, that appear in-game.
The researchers note that while cybercriminals always take a risk when trying to make money this way, they’re betting that they’ll capture some users who are looking to save a few extra dollars on their games. Don’t fall into that trap; there’s always a legitimate sale around the corner, and plenty of good free games to play or trial online that won’t compromise your data.
“As games offer users plenty of in-game goodies and even feature their own currencies, gaming accounts are of particular interest to cybercriminals,” Kaspersky wrote.