BloodyStealer: Advanced new Trojan targets accounts of popular online gaming platforms

Woburn, MA – September 27, 2021 – Kaspersky researchers have discovered an advanced Trojan, dubbed BloodyStealer, sold on darknet forums and used to steal gamers’ accounts on popular gaming platforms, including Steam, Epic Games Store, and EA Origin. With features to avoid analysis and detection, a low subscription price, and some interesting capabilities, BloodyStealer is a prime example of the types of threats online gamers can face. This, alongside an overview of the game-related products stolen and sold on the darknet, can be found in Kaspersky’s latest report on game-related threats.

The research illustrated that in-game goods and gaming accounts are in demand on the darknet. Combinations of gaming logins and passwords to popular platforms such as Steam, Origin, Ubisoft or EpicGames can sell as cheaply as $14.20 per thousand accounts when sold in bulk, and for 1-30% of an account’s value when sold individually. These stolen accounts do not come from accidental data leaks, but are the result of deliberate cybercriminal campaigns that employ malware such as BloodyStealer.

A person offers 280,000 usernames and passwords for just $4,000

BloodyStealer is a Trojan-stealer capable of gathering and exfiltrating various types of data, including cookies, passwords, forms, bank cards from browsers, screenshots, log-in memory, and sessions from various applications. These specifically include gaming platforms, such as EpicGames, Origin, and Steam.

Kaspersky researchers first spotted it in March, where it was advertised as being capable of evading detection and protected against reverse engineering and malware analysis in general. It is sold on underground forums at an attractive price – less than $10 for a 1-month subscription or $40 for a lifetime subscription.

This malware also stood out to researchers because of several anti-analysis methods used to complicate its reverse engineering and analysis, including the use of packers and anti-debugging techniques. The stealer is sold on the underground market and customers can protect their sample with a packer they prefer or use it as part of another multi-stage infection chain. Kaspersky experts detected attacks using BloodyStealer in Europe, Latin America, and the Asia-Pacific region.

While BloodyStealer is not made exclusively for stealing game-related information, the platforms it can target clearly point to the demand for this type of data among cybercriminals. Logs, accounts and in-game goods are some of the game-related products sold on the darknet in bulk or individually for an attractive price.

BloodyStealer advertisement outlining its capabilities

“Despite the fact that cybercriminals have various options available if they want to buy or rent a stealer and use it afterwards in their attack chain, BloodyStealer has definitely attracted some attention among users on one of the underground forums,” said Dmitry Galov, security researcher at Kaspersky’s Global Research and Analysis Team. “This stealer has some interesting capabilities, such as extraction of browser passwords, cookies, and environment information. The developers behind this stealer also added capabilities, such as grabbing information related to online gaming platforms. This information can then be sold on different underground platforms or Telegram channels that are dedicated to selling access to online gaming accounts. Gaming accounts are clearly hunted by cybercriminals, so if you want to enjoy gaming peacefully and not worry that your in-game credit or accounts will be gone, make sure you protect your account through two-factor authentication and use a reliable security solution to protect your devices.”

Kaspersky is committed to the protection of gamers, as well as to safer development of the industry. Earlier this year, the company launched “Fearless gaming” to raise awareness about the importance of cybersecurity and its role in e-sports. More information is available here.  

Learn more about BloodyStealer and darknet game-related software on Securelist.

To stay safe while gaming, Kaspersky experts recommend:

·       Protecting your accounts with two-factor authentication where possible. For others, comb through account settings

·       Not clicking on any links to external sites from the game chat, and carefully checking the address of any resource that requests you enter your username and password; the page may be fake 

·       Avoiding downloads of pirated software and other illegal content. Even if you are redirected to the webpage from a legitimate website

·       Using a strong, reliable security solution, especially if it won’t slow down your computer while you play. It will also protect you from all possible cyberthreats. Kaspersky Total Security works smoothly with Steam and other gaming services  

·       Using a robust security solution to protect you from malicious software and its actions on mobile devices – such as the Kaspersky Internet Security for Android

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com

Media Contact

Sawyer Van Horn

sawyer.vanhorn@Kaspersky.com

(781) 503-1866