BloodyStealer is the name of a new “trojan stealer” that explicitly targets users of gaming platforms such as Steam, Epic Games, EA Origin, GOG Galaxy and others. The aim of this threat is to steal users' account data and resell it to the highest bidder. First identified by Kaspersky researchers in March, the new malware is on sale on dark web forums, as the same company has reported in recent hours. The company’s software detects it as “Trojan-Spy.MSIL.Stealer.gen”.
From what has been learned from analyzing the threat, BloodyStealer is capable of stealing a wide range of sensitive information, including cookies, passwords, bank cards and sessions from various applications. “While BloodyStealer is not made solely to steal game-related information, the platforms it can operate on clearly indicate the demand for this type of data among cybercriminals,” writes Kaspersky. “Logs, accounts and in-game goods are some of the game-related products sold on the darknet in bulk or individually at an attractive price”.
BloodyStealer is sold via private channels to VIP members of dark web forums with a subscription model for about $10 a month or $40 for a “lifetime license”. The trojan-stealer, according to those who market it, also comes with features that prevent detection and anti-analysis methods used to complicate reverse engineering.
Since its discovery, Kaspersky has found that BloodyStealer has been employed in targeted attacks on victims located in Europe, Latin America and the Asia-Pacific region. “BloodyStealer is a great example of an advanced tool used by cybercriminals to break into the gaming market. With its efficient anti-detection techniques and attractive prices, it will soon be used in conjunction with other malware families,” add Kaspersky researchers.
“In addition, with its interesting features, such as extracting browser passwords, cookies and environmental information, as well as acquiring information related to online gaming platforms, BloodyStealer provides value in terms of data that can be stolen from players and subsequently sold on the darknet”. Further information can be found here.
Kaspersky did not share information on the attack vectors used to spread BloodyStealer, but the most vulnerable could be players who use cheats and mod their favorite titles. Cheats and mods are in fact very widespread “sources of infection”, already used to implant other Trojans, malware or cryptocurrency miners.