A new strain of malware called BloodyStealer was recently discovered targeting gamers on Steam, EA Origin and Epic Games Store. It steals user data such as cookies, login memory, passwords, session records, banking cards, screenshots and forms.
The malware was listed for sale on the Dark Web, which led to rapid and widespread adoption.
What is BloodyStealer? A Malware Targeting Popular Online Platforms
Researchers from Kaspersky recently discovered the advanced Trojan being sold on Dark Web forums. The seller advertised it as malware capable of stealing gamer accounts. The gaming platforms mentioned above are among BloodyStealer's targets.
According to the seller, BloodyStealer is fully capable of avoiding analysis and detection. It also has a low subscription cost of $10 monthly or $40 lifetime.
Kaspersky discovered that BloodyStealer uses several anti-analysis methods to complicate reverse engineering and analysis, including packers and anti-debugging techniques. This means the malware is extremely difficult to remove when installed on an infected device.
To date, Kaspersky has detected BloodyStealer attacks in the Asia-Pacific, Europe and Latin America regions.
Security researcher at Kaspersky's Global Research and Analysis Team, Dmitry Galov, said that "gaming accounts are clearly hunted by cybercriminals, so if you want to enjoy gaming peacefully and not worry that your in-game credit or accounts will be gone, make sure you protect your account through two-factor authentication and use a reliable security solution to protect your devices."
Also, keep in mind that BloodyStealer is not made exclusively for stealing game-related information. It could be used on most platforms with logs, accounts and online goods. Given these features, the BloodyStealer malware is one of the most attractive pieces of merchandise on the Dark Web.
How to Keep Safe From BloodyStealer
Per Kaspersky experts, there are four ways to stay safe from the BloodyStealer malware.
- Do not click on external links: These links might come from gamer chat boxes or random advertisements. Gamers are warned to check each address sent to them carefully. Click links only from trusted sources. Also, look for indicators of website forgery. Do not enter personal details like a username or password on these suspicious websites.
- Avoid downloading pirated software or downloading from illegal websites: Although licensed games are expensive, they are a lot safer than pirated content. Malicious actors often exploit pirated content, which is a perfect carrier for malware and viruses. When downloading from the internet, only use the legitimate website provided by the game publisher.
- Use strong, reliable account security: This means generating a strong account password and activating the 2FA feature. Admittedly, logging in with a secure account takes up extra time and effort. However, this would make it difficult for malicious actors to access your account directly during a hack.
- Use robust security solutions to protect your account: This means using third-party software like antivirus scanners to actively monitor your device for any suspicious activity.