A new malware has been spotted for sale on darknet forums, which allows threat actors to steal gamers’ accounts on popular gaming platforms, including Steam, Epic Games Store, and EA Origin.
Dubbed BloodyStealer, the malware is capable of gathering and exfiltrating various types of data, including cookies, passwords, forms, bank cards from browsers, screenshots, log-in memory, and sessions from various applications, and also has features allowing it to avoid analysis and detection.
BloodyStealer was first spotted in March by researchers at Kaspersky on hacker forums where it was sold for as little as $10 for a 1-month subscription or $40 for a lifetime subscription. The malware was advertised by its seller as being capable of evading detection and protected against reverse engineering and malware analysis in general.
Kaspersky said that attacks deploying BloodyStealer were detected in Europe, Latin America, and the Asia-Pacific region.
While BloodyStealer is not made exclusively for stealing game-related information, the platforms it can target clearly point to the demand for this type of data among cybercriminals, the researchers said.
"Despite the fact that cybercriminals have various options available if they want to buy or rent a stealer and use it afterwards in their attack chain, BloodyStealer has definitely attracted some attention among users on one of the underground forums," said Dmitry Galov, security researcher at Kaspersky’s Global Research and Analysis Team.
"This stealer has some interesting capabilities, such as extraction of browser passwords, cookies, and environment information. The developers behind this stealer also added capabilities, such as grabbing information related to online gaming platforms. This information can then be sold on different underground platforms or Telegram channels that are dedicated to selling access to online gaming accounts. Gaming accounts are clearly hunted by cybercriminals, so if you want to enjoy gaming peacefully and not worry that your in-game credit or accounts will be gone, make sure you protect your account through two-factor authentication and use a reliable security solution to protect your devices."