A new trojan called BloodyStealer is targeting gamers' accounts on EA Origin, Steam, Epic Games, GOG and other services, according to Kaspersky researchers. The malware can scrape session data and passwords, along with information like bank card details, device data, screenshots and uTorrent files. "What struck us was that most of the listed programs are game-related, which suggests that gamer accounts and their contents are in demand on the underground market," Kaspersky's Julia Glazova wrote in a blog post.
BloodyStealer is relatively cheap at $10 per month or around $40 for a lifetime license. Apparently the primary attack target is logs, or databases containing info used to access accounts. Those can then be offered to buyers via Telegram or a malware panel. In one example, Kaspersky showed a screenshot of a seller with 65,600 logs broken down by region, available for $150. They can also be sold individually — accounts with plenty of games, add-ons and expensive items are particularly valuable.
The trojan stood out to researchers for its clever construction, using anti-debugging tools that make it hard to reverse engineer. Information is sent as a ZIP archive to a command-and-control (C&C) server that is protected against DDoS and other types of web attacks.
Kaspersky noted that it's seeing the malware around the globe and provided tips to avoid falling victim. It recommends buying apps only from official sources (not torrents) to avoid malware. It also recommends protecting your account with a strong password and, preferably, two-factor authentication. At the bottom of the post, it also provides guides to maxing out each platform's security settings.