Kaspersky researchers have discovered an advanced Trojan, called BloodyStealer, that is sold on darknet forums and used to harvest gamers’ accounts across widely used gaming platforms such as Steam, Epic Games Store, and EA Origin.
The online gaming industry is one of the driving forces behind internet penetration into the most remote locations across the world. Statista, in its global video game market report, projects that industry revenue from the video game market will surpass 138 billion USD by 2021. Given the size of the market, it is a constant target for cyberattacks.
BloodyStealer campaigns are premeditated attacks to harvest in-game goods and gaming accounts, which are in high demand on the darknet and fetch a good price.
According to the Kaspersky researchers, gaming logins and passwords from players on platforms like Origin, Ubisoft or EpicGames fetch 14.2 USD per thousand accounts when sold in bulk, and up to 30% of the account value when sold individually.
The Trojan has been gaining popularity due to its ability to evade detection and malware analysis. It can harvest a range of critical data, including passwords, cookies, bank card details, sessions from apps, and logs from memory.
Its use of anti-analysis techniques that complicate reverse engineering, including packers and anti-debugging tricks, has made it a popular choice among cybercriminals.
“The developers behind this stealer also added capabilities, such as grabbing information related to online gaming platforms. This information can then be sold on different underground platforms or Telegram channels that are dedicated to selling access to online gaming accounts,” comments Dmitry Galov, a security researcher at Kaspersky’s Global Research and Analysis Team.
According to research from Akamai Technologies, the gaming industry sustained more than 240 million web application attacks in 2020, a 340% surge from 2019. The “State of the Internet / Security: Gaming in a Pandemic” report highlighted how the global crisis drove the rise in cyberattack traffic against the gaming industry.
It was observed that SQL injection was the top web application attack in 2020, accounting for 59% of all attacks, followed by local file inclusion (LFI) attacks at 24%. Cross-site scripting (XSS) attacks accounted for 8%, and remote file inclusion (RFI) attacks for 7%. Threat actors leveraged these different web application attack vectors to target gamers’ login credentials and the sensitive information stored within the applications.