A new advanced trojan sold on Russian-speaking underground forums can steal users’ accounts on popular online video game distribution services, including Steam, Epic Games Store, and EA Origin, underscoring a growing threat to the lucrative gaming market.
Cybersecurity firm Kaspersky, which named the malware “BloodyStealer,” said it first detected the malicious tool in March 2021, when it was being advertised for sale at an attractive price of 700 RUB (less than $10) for one month or $40 for a lifetime subscription. Attacks using BloodyStealer have been uncovered so far in Europe, Latin America, and the Asia-Pacific region.
“BloodyStealer is a Trojan-stealer capable of gathering and exfiltrating various types of data, for cookies, passwords, forms, banking cards from browsers, screenshots, log-in memory, and sessions from various applications,” the company said. The information harvested from gaming apps, such as Bethesda, Epic Games, GOG, Origin, Steam, and VimeWorld, is exfiltrated to a remote server, from where it’s likely to be monetized on darknet platforms or Telegram channels that are dedicated to selling access to online gaming accounts.
The malware is not only aimed at VIP members of underground forums; it also stands out for the barrage of anti-analysis methods it uses to thwart detection and deliberately complicate reverse engineering. Infection chains involving BloodyStealer are also noteworthy because threat actors who had purchased a license to the product used the stealer in conjunction with other malware campaigns.
Kaspersky did not reveal the attack vectors used to stage the incursions, but it’s typical of adversaries to target users looking to download games from fraudulent sites or through email and chat messages containing links to external rogue sites that trick gamers into entering their account information.
“BloodyStealer is a prime example of an advanced tool used by cybercriminals to penetrate the gaming market,” the researchers said. “With its interesting capabilities, such as extraction of browser passwords, cookies, and environment information as well as grabbing information related to online gaming platforms, BloodyStealer provides value in terms of data that can be stolen from gamers and later sold on the darknet.”