BloodyStealer malware targets gamers

Researchers found a new piece of malware called BloodyStealer, which malicious hackers use to steal accounts from various gaming platforms such as Steam, Epic Games Store, GOG Galaxy, EA Origin, and others.

 

The new malware, which was discovered by Kaspersky researchers, is for sale on dark web forums. The malware enables operators to steal a wide range of data, including cookies, passwords, bank cards, and session data from many applications.

 

Operators sell stolen data on illicit marketplaces, and gaming accounts are sought after in the cybercrime ecosystem. Game login credentials for popular platforms like Steam, Origin, Ubisoft, and EpicGames are available for 14.2 USD per thousand accounts, or 1-30 percent of their combined worth when sold individually.

 

BloodyStealer is available as malware-as-a-service for less than ten dollars per month or forty dollars per year.

 

According to Kaspersky experts, the malware uses many anti-analysis methods, including packers and anti-debugging techniques.

 

The advertisement from the malware's creator highlights the following features of BloodyStealer:

  • Grabber for cookies, passwords, forms, bank cards from browsers
  • Stealer for all information about the PC and screenshots
  • Steals sessions from the following clients: Bethesda, Epic Games, GOG, Origin, Steam, Telegram, VimeWorld
  • Steal files from the desktop (.txt) and the uTorrent client
  • Collect logs from the memory
  • Duplicate logging protection
  • Reverse engineering protection
  • Not functional in the CIS

 

Kaspersky reports that many threat actors acquired the malware and exploited it as part of a larger malware attack chain. The attackers are using it to deliver KeyBase or Agent Tesla. In some cases, they integrated the stealer component with other malware families and protected it with various packers, such as Themida.

 

After collecting the data, BloodyStealer transfers it to a command-and-control server, where hackers can access it via Telegram or a web panel. BloodyStealer targets victims in Europe, Latin America, and Asia-Pacific.

 

Kaspersky says that because of the malware's effective anti-detection mechanisms and low price, it will almost certainly be seen in combination with other malware families in the near future. Moreover, they explained that BloodyStealer provides value in terms of the data it can steal from gamers and then sell on the darknet, such as browser passwords and cookies, as well as data related to online gaming.

 
