New BloodyStealer Trojan steals user accounts on popular online video game distribution services such as Steam, Epic Games Store, and EA Origin, highlighting the growing threat to the lucrative gaming market.
According to Kaspersky, first discovered the “BloodyStealer” malicious tool in March 2021. The malicious tool was advertised for sale at a price of 700 RUB (less than $10) for one month or $40 for a lifetime subscription. BloodyStealer has been used across Europe, Latin America, and the Asia-Pacific region.
Kaspersky in a blog post mentioned, “BloodyStealer is a Trojan-stealer capable of gathering and exfiltrating various types of data, for cookies, passwords, forms, banking cards from browsers, screenshots, log-in memory, and sessions from various applications.”The bad actors move the information harvested from gaming apps such as Bethesda, Epic Games, GOG, Origin, Steam, and VimeWorld, to a remote server. From here it’s likely to be monetized on darknet platforms or Telegram channels that are dedicated to selling access to online gaming accounts.
The malware is not only aimed at VIP members of underground forums but also a prime target for a bombardment of anti-analysis methods it uses to thwart detection and intentionally complicate reverse engineering. The chain involving BloodyStealer is noteworthy as the threat actors who purchased a license to the product use it simultaneously with other malware campaigns.
Though Kaspersky did not reveal the attack vectors used to stage the attacks, the bad actors usually target users looking to download games from fraudulent sites or through email and chat messages containing links to external rogue sites. This tricks gamers into entering their account information.
Kaspersky researchers further said, “BloodyStealer is a prime example of an advanced tool used by cybercriminals to penetrate the gaming market. With its interesting capabilities, such as extraction of browser passwords, cookies, and environment information as well as grabbing information related to online gaming platforms, BloodyStealer provides value in terms of data that can be stolen from gamers and later sold on the darknet.”