A new and advanced trojan with the ability to hijack users’ accounts on prominent online video game distribution platforms is being offered on Russian-speaking underground forums. Steam, Epic Games Store, and EA Origin are all facing this rising threat to the game business.
The cybersecurity firm Kaspersky named this malware “BloodyStealer” and revealed that it was initially discovered in March 2021. It was being offered for 700 RUB (less than $10) for one month or $40 for a lifetime membership. So far, BloodyStealer attacks have been discovered in Europe, Latin America, and the Asia-Pacific region.
Kaspersky further said that BloodyStealer is a Trojan-stealer that can collect and exfiltrate several data types, including cookies, passwords, forms, banking cards, screenshots, log-in memories, and sessions from multiple apps.
The data collected from gaming applications, like Bethesda, Epic Games, GOG, Origin, Steam, and VimeWorld, is sent to a remote server, where it’s probably monetized on darknet marketplaces or Telegram channels offering access to online gaming accounts.
The malware targets VIP members of underground forums and employs a slew of anti-analysis techniques to evade detection and make reverse engineering more difficult. Infection chains using BloodyStealer are especially notable because threat actors who had acquired a license for the product used it alongside other malware operations.
Kaspersky did not disclose the attack vectors used to stage the intrusions. Still, it’s usual for attackers to target users interested in downloading games from phony sites, or to reach them via email and chat messages containing links to external rogue sites that trick gamers into handing over their account information.
With features such as extracting browser passwords, cookies, and environment information, and collecting information connected to online gaming platforms, BloodyStealer delivers value in the form of data that may be stolen from players and then sold on the darknet.