Security expert from Kaspersky, Santiago Pontiroli, has just uncovered an account-stealing malware which sells for as little as £20 on the black market. The malware is called Steam Stealer’ and it is suspected of hijacking 77,000 Steam accounts per month.
Steam Stealer has been observed in almost 1,200 instances. And while some users will be the victim of social engineering and spear-phishing campaigns, Steam Stealer and its variants are suspected to be behind the vast majority of them.
It is believed that Steam Stealer has been developed by Russian-speaking hackers and it is currently sold for around £20 on the black market, which is much cheaper than the average malware package.
Supplied on a ‘Malware-as-a-service’ model, the malicious packages contain detailed manuals and documentation and are designed to be easy to use.
Usually, the malware packages are distributed by fake websites, or by direct messaging a Steam user and tricking them into opening a file with a malicious payload.
After that, the software exfiltrates their Steam config files and sifts through them to find the Steam KeyValue file, which contains login credentials, and the information maintaining a user’s session.
Once gaining control of the user’s account, hackers can then flip the accounts for around £10 on the black market, giving the purchaser access to the original user’s library of games and collectable inventory items.
The experts say that the largest markets for compromised accounts are in Russian and Eastern European territories, although instances have been observed all over the world.
“The gaming community has become a highly desirable target for cybercriminals,” Pontiroli stated. “There has been a clear evolution in the techniques used for infection and propagation, as well as the growing complexity of the malware itself, which has led to an increase in this type of activity.”
Security researchers have recommended various ways to prevent cyber criminals from exploiting users’ accounts, though complete protection cannot be guaranteed.
