'BloodyStealer' Malware: How to Avoid Cyberthreat That Steals Gaming Accounts of Victims
An online security report revealed that cybercriminals unleashed a form of malware that targets and infiltrates several gaming accounts, and stealing data inside of them.
The said malware, dubbed BloodyStealer, was said to be used to snatch any information, including private ones like passwords, as well as online transactions such as payments that contains vital and sensitive details, inside said accounts.
A "Bloody" Breach
The BloodyStealer malware was revealed in Kaspersky's post in their website. According to the said post by the online security firm, the malware was first discovered in an ad on an underground web forum last March of this year.
A new trojan called BloodyStealer is targeting gamer's accounts on EA Origin, Steam, Epic Games, GOG and other services, according to Kaspersky researchers. https://t.co/YYFnnVeWgu— Genie Sugene Gan (@genie_sg) September 28, 2021
Base on the said ad, BloodyStealer infiltrates several accounts from gaming clients like Bethesda and Epic Games, as well as online digital game stores such as GOG, EA Origin, and Steam.
BloodyStealer also steals important data from any infected device such as passwords, banking details, cookies, and browser autofill data, as well as other data that were saved in that same device such as screenshots, uTorrent client files, logs, and even sensitive data from Telegram and VimeWorld.
The said malware, according to a post by SecureList, Kaspersky's blogsite containing online security reports, has said to have several anti-analysis methods that were used to make it impossible to know what is inside of its programming. This includes the usage of packers and other anti-debugging techniques.
The same post also revealed that a commercial solution named AgileNet is the one who protects said malware, especially after it was been sold from a potential customer. Other protection tools for the .NET environment, such as Confuser, were also used.
Once entered in the device, it will assign a unique identifier, which will extract data such as the GUID and its serial number, as well as other information such as the public IP address.
Then it will create a POST request that contains the vital information that it snatched, then sends it in a C&C server as a non-protected ZIP archive, which can be sold to other cybercriminals and can be accessed by either using Telegram or via a web panel.
Once obtained, other cyber criminals will use this information in other cyber attacks such as distributing phishing links, launder money, and other illegal activities.
According to IBT, the malware, which was distributed as a "malware-as-a-service," was said to be sold for $10 a month, or $40 for a "lifetime license," and was used on devices of victims in Europe, Latin America, and the Asia-Pacific region.
BloodyStealer can also used by the cybercriminals to chain other malware such as KeyBase or Agent Tesla, and can be protected with other packers such as Themida.
How to Avoid Being a Victim
In order for users to not become victims of any malware attack, including ones from BloodyStealer, Kaspersky advised them to protect their accounts with strong passwords, as well as enable multifactor authentication and max out the security settings of any platform.
The online software firm also said that they need to download apps from official sites to minimize the chances of picking up any malware, as well as being vigilant to the e-mail links that any anonymous senders may send to them, and sites that they enter their credentials to.