Advanced malware is stealing gaming account data — Steam, Epic Games and more at risk

(Image credit: Andrew Brookes/Getty Images)

Cybersecurity analysts discovered an advanced malware being advertised on a Russian-speaking underground forum, and not only can it harvest valuable information via a user's gaming account, but anyone can purchase the malicious stealer for under $10.

Known as BloodyStealer, the trojan malware allows cybercriminals to grab information from the most popular online gaming platforms found on PC, including from Epic Games Store, GOG, Origin, and Steam. The threat actor can loot private information found on a user's account, and put a price tag on it on the black market.

Best VPN services 2021
5 reasons why you need a VPN — cheap flights, fast internet and more
Your Gmail is worth more than a bank account on the dark web

As discovered by cybersecurity analysts Kaspersky and spotted by @3xp0rtblog on Twitter, the malware was first found back in March after its author put up an advertisement on an underground forum. The ad stated that BloodyStealer costs 700 RUB (around $9.65) for one month or 3,000 RUB (around $41.31) for a lifetime.

Name of malware: Bloody StealerProgramming language: C#Panel: in telegram through seller host or web panelPrice: 700 RUB for 1 month, 3000 RUB for a lifetime.Posted on:lolz[.]guru/threads/2361021Telegram: iWantOrders pic.twitter.com/LiM3UG8b7TApril 8, 2021

The advertisement claimed the malicious trojan came with a number of features, including being able to grab cookies, passwords, forms, bank cards from browsers; steal all information about a PC; steal files from a desktop and a uTorrent client; and is able to steal sessions from big gaming clients.

Additionally, the report points out that BloodyStealer was also able to protect the user against reverse engineering and malware analysis. As shown in the report, however, cybersecurity analysts were able to provide full details on the anti-analysis methods used. It is likely that the malware infects a device through dodgy download clients or phishing emails.

So far, BloodyStealer has been found to be in use in Europe, Latin America, and the Asia-Pacific region. A great way to defend yourself against any cybersecurity threat is by protecting your account with two-factor authentication. Plus, be aware of any malicious links to external sites from a game chat of any kind.

Kaspersky continues to talk about the wholesale deals dark web sellers offer potential customers, including packages containing 1,000 private logs from various gaming accounts for $300. Speaking of, you can check how much is your Steam account worth.

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.