BloodyStealer: new advanced stealer targets accounts of popular online gaming platforms

26 September 2021 by Kaspersky

Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, sold on darknet forums and used to steal gamers’ accounts on popular gaming platforms such as Steam, Epic Games Store, and EA Origin. With features to avoid analysis and detection, a low subscription price, and some interesting capabilities, BloodyStealer is a prime example of the type of threat online gamers face. This finding, alongside an overview of the game-related products stolen and sold on the darknet, can be found in Kaspersky’s latest report on game-related data threats.

As demonstrated in the latest Kaspersky research, in-game goods and gaming accounts are in demand on the darknet. Combinations of gaming logins and passwords for popular platforms such as Steam, Origin, Ubisoft or EpicGames can sell for as little as 14.2 USD per thousand accounts when sold in bulk, and for 1-30% of an account’s value when sold individually. These stolen accounts do not come from accidental data leaks, but are the result of deliberate cybercriminal campaigns that employ malware such as BloodyStealer.

A person offers 280,000 usernames and passwords for just 4,000 USD

BloodyStealer is a Trojan-stealer capable of gathering and exfiltrating various types of data: cookies, passwords, form data and bank card details from browsers, screenshots, log-in memory, and sessions from various applications. These include gaming clients, EpicGames, Origin, and Steam in particular.

Kaspersky researchers first spotted it in March, when it was advertised as being capable of evading detection and as protected against reverse engineering and malware analysis in general. It is sold on underground forums at an attractive price: less than 10 USD for a 1-month subscription or 40 USD for a lifetime subscription.

This malware also stands out to researchers because of the several anti-analysis methods used to complicate its reverse engineering and analysis, including the use of packers and anti-debugging techniques. The stealer is sold on the underground market, and customers can protect their sample with a packer of their choice or use it as one stage of a multi-stage infection chain. Kaspersky experts detected attacks using BloodyStealer in Europe, Latin America, and the Asia-Pacific region.

While BloodyStealer is not made exclusively for stealing game-related information, the platforms it can target clearly point to the demand for this type of data among cybercriminals. Logs, accounts, in-game goods – all of these game-related products are sold on the darknet in bulk or individually at an attractive price.

BloodyStealer advertisement outlining its capabilities

"Despite the fact that cybercriminals have various options available if they want to buy or rent a stealer and use it afterwards in their attack chain, BloodyStealer has definitely attracted some attention among users on one of the underground forums. This stealer has some interesting capabilities, such as extraction of browser passwords, cookies, and environment information. The developers behind this stealer also added capabilities, such as grabbing information related to online gaming platforms. This information can then be sold on different underground platforms or Telegram channels that are dedicated to selling access to online gaming accounts," comments Dmitry Galov, security researcher at Kaspersky's Global Research and Analysis Team. "Gaming accounts are clearly hunted by cybercriminals, so if you want to enjoy gaming peacefully and not worry that your in-game credit or accounts will be gone, make sure you protect your account through two-factor authentication and use a reliable security solution to protect your devices."

To stay safe while gaming, Kaspersky experts recommend:

• Protecting your accounts with two-factor authentication where possible. For accounts that do not offer it, comb through the account settings for the protections that are available

• Not clicking any links to external sites from the game chat, and carefully checking the address of any resource that asks you to enter your username and password; the page may be fake

• Avoiding downloads of pirated software and other illegal content, even if you are redirected to the webpage from a legitimate website

• Using a strong, reliable security solution, preferably one that won’t slow down your computer while you play. It will also protect you from all possible cyberthreats. We recommend Kaspersky Total Security – it works smoothly with Steam and other gaming services

• Using a robust security solution to protect your mobile devices from malicious software and its actions, such as Kaspersky Internet Security for Android