Online security firm Kaspersky, makers of one of the best antivirus software options out there,has in recent years been emphasising that gaming accounts are an extremely attractive target for the bad 'uns. Last month for example it reported blocking 5.8 million malware attacks “disguised as popular PC games” in 2020, adding that such attacks had “soared with the introduction of lockdowns”.
Now Kaspersky is warning of a new Trojan it discovered earlier this year, which goes by the charming name of Bloodystealer. It targets accounts on EA Origin, Steam, Epic Games, GOG, and other gaming services, and aims to scrape session data and passwords, along with information like bank card details, device data, screenshots, and other files.
“What struck us was that most of the listed programs are game-related, which suggests that gamer accounts and their contents are in demand on the underground market,” writes Kaspersky's Julia Glazova.
BloodyStealer is the kind of thing that script-kiddies are drawn towards, a cheap high-volume piece of malware that, according to Kaspersky, is sold for $10 / month or $40 for a 'lifetime' license (I love the idea of malware having a license). The primary target is apparently databases with login information, and the scraped information is being both sold in bulk (as an example, there's a screenshot of a seller below offering 65,600 logs, broken down by region, for $150) or accounts can be sold individually if they're of unusual value (lots of games, expensive in-game items and so on).
The Kaspersky boffins are worryingly impressed by the relative sophistication of Bloodystealer, particularly considering its low cost. A full breakdown of how it exploits its unfortunate victims can be found here.
“In the gaming industry user data is still highly sought after, but at much cheaper prices than in the past with attackers successfully using the malware-as-a-service model to generate revenue and drive down costs as the supply increases,” says
Sam Curry, chief security officer at Cybereason, an online security firm. Then he starts sounding a bit like a Metal Gear Solid boss. “Overall, the number of identity compromises by this point is more than 10 times larger than the world's population, and yet life continues. The unthinkable has become the mundane and the routine.”
The advice from the people who know what they're talking about is always the same. Use strong passwords, enable two-factor authentication on accounts that have that option, and look at website URLs carefully. Never click on links or attachments from unknown sources, and if the worst happens immediately report it to law enforcement. Here's Kaspersky's guide on protecting your Steam account.
Most of all, don't think it won't happen to you or that your account isn't 'worth' stealing: malware is omnipresent and never stops evolving. When something so cheap is capable of propagating itself globally like this, failing to protect your account details just guarantees they'll end up on some list in the dark corners of the web.