If you are a gamer, watch out for a new trojan that can steal your account credentials for just about any major platform. Kaspersky just disclosed its research, so most antivirus suites should have protections against it soon, so keep your security updated.
On Monday, Kaspersky researchers detailed a new “advanced” trojan called “BloodyStealer” that targets users’ gaming accounts. The trojan can scrape data from PCs, including passwords, cookies, bank card details, screenshots, and more. It can also steal client sessions from Bethesda, Epic Games, GOG, EA Origin, Steam, Telegram, and VimeWorld. Kaspersky found the malware back in March in an ad on an underground forum.
The researchers say the malware has already been deployed in Europe, Latin America, and the Asia-Pacific region despite being relatively new. BloodySteal also has tools that protect it against analysis.
“We were able to identify several anti-analysis methods that were used to complicate reverse engineering and analysis of BloodyStealer, including the usage of packers and anti-debugging techniques. We had been monitoring BloodyStealer since its announcement, so we were able to notice that the majority of the BloodyStealer samples were protected with a commercial solution named “AgileNet”. While analyzing samples discovered in the wild, we found that some of them were protected not only with AgileNet but also with other, very popular, protection tools for the .NET environment, such as Confuser.”
Kaspersky says that the sellers use a “malware-as-a-service (MaaS) distribution model.” It only costs around $10 per month or $40 for a lifetime license, making it attractive for those wishing to steal gaming accounts.
It also makes it highly profitable for thieves selling the account info. One seller on the dark web was found asking for $4,000 for a bulk list of 280,000 accounts (screenshot above). Customers looking to pick up an individual game profile can easily find them for less than 50 cents (below), making it just as attractive for those not wanting to use the trojan.
Although Kaspersky discovered the malware early in the year, it waited to disclose it publically until it had mitigation methods in place for its antivirus platform.
“Kaspersky Security Cloud blocks BloodyStealer and doesn’t interfere with gameplay,” says the company, adding that other security solutions may already have similar mitigation in place.
The researchers advise other common-sense measures like using strong passwords with 2FA enabled, only downloading apps from trusted sources, making sure websites asking for your credentials are authentic, and not clicking links in emails from strangers. Kaspersky also provides guidance for maxing out the security settings on several platforms, including Steam, Battle.net, Origin, Twitch, and Discord.