BloodyStealer malware targets gamers, scrapes cookies, passwords and payment data

29 Sep, 2021

Cybersecurity solutions provider Kaspersky on Monday said its researchers have discovered an advanced Trojan, BloodyStealer, which is currently sold on darknet forums.

BloodyStealer has been used to steal gamers’ accounts on popular gaming platforms such as Steam, Epic Games Store, and EA Origin. It has features to avoid analysis and detection and is sold at a low subscription price, among other capabilities, a statement said.

The Moscow-based firm added in its statement that BloodyStealer is a prime example of the type of threat online gamers face, and that an overview of the game-related products stolen and sold on the darknet can be found in its latest report on related data threats. 

The detected malware can scrape cookies, passwords, bank cards and entire accounts. As per in-house research findings at Kaspersky, in-game goods and gaming accounts are in demand on the darknet. 

Combinations of gaming logins and passwords to popular platforms such as Steam, Origin, Ubisoft or EpicGames can sell as cheaply as $14.2 per thousand accounts when sold in bulk, and for 1-30% of an account’s value when sold individually, Kaspersky said. 

Stolen accounts do not come from accidental data leaks, but are the result of deliberate cybercriminal campaigns that employ malware such as BloodyStealer.

BloodyStealer is a Trojan-stealer capable of gathering and exfiltrating various types of data, such as cookies, passwords, forms, banking cards from browsers, screenshots, log-in memory, and sessions from various applications.

Kaspersky researchers first spotted it in March, when it was advertised as being capable of evading detection and protected against reverse engineering and malware analysis in general.

The malware is sold on underground forums at an attractive price: less than $10 for a one-month subscription or $40 for a lifetime subscription, the statement added.

Kaspersky said its experts detected attacks using BloodyStealer in Europe, Latin America, and the Asia-Pacific region. 

“This stealer has some interesting capabilities, such as extraction of browser passwords, cookies, and environment information. The developers behind this stealer also added capabilities, such as grabbing information related to online gaming platforms,” Dmitry Galov, security researcher at Kaspersky’s Global Research and Analysis Team, said. 

Galov added that online gamers may protect their accounts through two-factor authentication and by using a reliable security solution to protect their devices, in order to retain in-game credit.