BloodyStealer 'advanced' trojan steals accounts from most major gaming platforms

Cal Jeffrey

Posts: 3,205   +882
Staff member
PSA: If you are a gamer, watch out for a new trojan that can steal your account credentials for just about any major platform. Kaspersky just disclosed its research, so most antivirus suites should have protections against it soon, so keep your security updated.

On Monday, Kaspersky researchers detailed a new "advanced" trojan called "BloodyStealer" that targets users' gaming accounts. The trojan can scrape data from PCs, including passwords, cookies, bank card details, screenshots, and more. It can also steal client sessions from Bethesda, Epic Games, GOG, EA Origin, Steam, Telegram, and VimeWorld. Kaspersky found the malware back in March in an ad on an underground forum.

The researchers say the malware has already been deployed in Europe, Latin America, and the Asia-Pacific region despite being relatively new. BloodySteal also has tools that protect it against analysis.

"We were able to identify several anti-analysis methods that were used to complicate reverse engineering and analysis of BloodyStealer, including the usage of packers and anti-debugging techniques. We had been monitoring BloodyStealer since its announcement, so we were able to notice that the majority of the BloodyStealer samples were protected with a commercial solution named "AgileNet". While analyzing samples discovered in the wild, we found that some of them were protected not only with AgileNet but also with other, very popular, protection tools for the .NET environment, such as Confuser."

Kaspersky says that the sellers use a "malware-as-a-service (MaaS) distribution model." It only costs around $10 per month or $40 for a lifetime license, making it attractive for those wishing to steal gaming accounts.

It also makes it highly profitable for thieves selling the account info. One seller on the dark web was found asking for $4,000 for a bulk list of 280,000 accounts (screenshot above). Customers looking to pick up an individual game profile can easily find them for less than 50 cents (below), making it just as attractive for those not wanting to use the trojan.

Although Kaspersky discovered the malware early in the year, it waited to disclose it publically until it had mitigation methods in place for its antivirus platform.

"Kaspersky Security Cloud blocks BloodyStealer and doesn't interfere with gameplay," says the company, adding that other security solutions may already have similar mitigation in place.

The researchers advise other common-sense measures like using strong passwords with 2FA enabled, only downloading apps from trusted sources, making sure websites asking for your credentials are authentic, and not clicking links in emails from strangers. Kaspersky also provides guidance for maxing out the security settings on several platforms, including Steam, Battle.net, Origin, Twitch, and Discord.

Permalink to story.

 

Revolution 11

Posts: 89   +100
For Steam users, definitely get the Steam mobile app and enable 2FA with its Steam Guard feature. Back up the recovery code (and passwords) on a good password manager like 1Password or Bitwarden.

The Kaspersky article link for Steam safeguards have more tips to improve account security.
 

kiwigraeme

Posts: 650   +497
So pirates - the lesson here is to pirate 100% on an isolated BlackPearl PC .
Reminds me of certain sports people who a gold metal . world championships - had a nice TV or sponsorship deals post career lined up - then got positive tested for drugs in some no name meet at end of career.
Someone screws up there house loss insurance of $300 000 by trying to get an extra $1000 with an easy proven lie - worth a chuckle

Gaming is so cheap - free games every month - old games - 15 for $5 .
If you can afford to run AA games - you can afford to buy
 

Dimitrios

Posts: 943   +754
I never use my bank card for buying stuff online. Well I get a phone call about 7 or 10 days ago stating someone tried to buy something for 64 cents and PEOPLE'S BANK froze it. I have used this card for the first time on buying games. I got like 5-7 game launchers and I bet you I got screwed because of that!

The name of the business was called CLAMZ or CLAMS. I fu*** hate crooks! I started using this bank card since early spring time.
 

Reallyhow

Posts: 51   +96
"If you can afford to run AA games - you can afford to buy"

Nah. If publishers want money, they're welcome to embrace ethical business practices. No P2W. No loot crates. No games chopped up into DLC. Fewer Bugs* (This is a pain in the *** with the complexity of modern titles, mind you). No "exclusive features" tied to hardware.

They're also welcome to pay employees fairly, and ensure that their workspaces aren't cesspools that just shove people out the door when **** is done to them.
 

kiwigraeme

Posts: 650   +497
"If you can afford to run AA games - you can afford to buy"

Nah. If publishers want money, they're welcome to embrace ethical business practices. No P2W. No loot crates. No games chopped up into DLC. Fewer Bugs* (This is a pain in the *** with the complexity of modern titles, mind you). No "exclusive features" tied to hardware.

They're also welcome to pay employees fairly, and ensure that their workspaces aren't cesspools that just shove people out the door when **** is done to them.
points taken - but additional pay to play or not stupidly grind for 40 hours are NOT AA games even though the price may be $100 - any micro transactions then should be bling only