Monday, September 27, 2021

New malware steals Steam, Epic Games Store, and EA Origin accounts - BleepingComputer

A new malware sold on dark web forums is being used by threat actors to steal accounts for multiple gaming platforms, including Steam, Epic Games Store, and EA Origin.

Kaspersky security researchers who spotted the new trojan in March dubbed it BloodyStealer and found that it's capable of collecting and stealing a wide range of sensitive information, including cookies, passwords, bank cards, and sessions from various applications.

This malware explicitly targets gaming platforms such as Steam, Epic Games, EA Origin, GOG Galaxy, and more, harvesting accounts for its operators, who later sell them in underground markets.

"While BloodyStealer is not made exclusively for stealing game-related information, the platforms it can target clearly point to the demand for this type of data among cybercriminals," Kaspersky said.

"Logs, accounts and in-game goods are some of the game-related products sold on the darknet in bulk or individually for an attractive price."

The information stealer is sold through private channels to VIP members of underground forums under a subscription model for roughly $10 per month or $40 for a lifetime "license."

BloodyStealer dark web ad (Kaspersky)

BloodyStealer is also marketed as coming with detection evasion and with malware analysis protection capabilities.

The complete list of capabilities, as described by its developers, includes:

  • Grabber for cookies, passwords, forms, bank cards from browsers
  • Stealer for all information about the PC and screenshots
  • Steals sessions from the following clients: Bethesda, Epic Games, GOG, Origin, Steam, Telegram, VimeWorld
  • Steals files from the desktop (.txt) and the uTorrent client
  • Collects logs from the memory
  • Duplicate logging protection
  • Reverse engineering protection
  • Not functional in the CIS

Used to attack gamers worldwide

Since its discovery, Kaspersky has detected BloodyStealer being used in attacks targeting victims from Europe, Latin America, and the Asia-Pacific region.

"BloodyStealer is a prime example of an advanced tool used by cybercriminals to penetrate the gaming market. With its efficient anti-detection techniques and attractive pricing, it is sure to be seen in combination with other malware families soon," Kaspersky researchers added.

"Furthermore, with its interesting capabilities, such as extraction of browser passwords, cookies, and environment information as well as grabbing information related to online gaming platforms, BloodyStealer provides value in terms of data that can be stolen from gamers and later sold on the darknet."

You can find further info on BloodyStealer's anti-analysis and data exfiltration capabilities in Kaspersky's report.

While Kaspersky did not share info on the attack vectors used to deliver this malware, threat actors usually target gamers with malware-laced modding and game cheat tools, reaching those who are willing to cheat their way to victory or want to further mod their games.

Game cheats are a well-documented source of malware infections and have been used to infect unethical gamers with cryptocurrency miners, remote access trojans, and other malware strains for years.
