Researchers from Kaspersky have spotted an advanced trojan, named BloodyStealer, on dark web forums. The trojan aims to steal gamers’ account data across multiple gaming platforms such as Epic Games Store, EA Origin, and Steam.

What has happened?

  • Discovered in March, this new trojan has been targeting gaming platforms to harvest gaming account-related details.
  • Since its discovery, BloodyStealer has already targeted users based in Latin America, Asia Pacific, and Europe.
  • The information stealer is sold through private channels to VIP members of underground forums on a subscription model, priced at $40 (USD) for a lifetime license or less than $10 per month.

Game-related assets such as logs, accounts, and in-game goods are sold on the darknet at attractive prices. The high demand for such information on the black market could be the reason behind this attack campaign.

Functionalities of BloodyStealer

BloodyStealer combines detection evasion with protection against malware analysis. Its other capabilities include the following:
  • It can steal sessions from clients such as Bethesda, GOG, VimeWorld, Steam, Epic Games, Telegram, and Origin. Furthermore, it can steal files from the desktop (.txt) and the uTorrent client.
  • It can gather and steal a wide range of sensitive information, such as passwords, cookies, bank cards, sessions from multiple apps, and more. It can also collect logs from memory.
  • It is equipped with logging protection and reverse engineering protection mechanisms.

Conclusion

BloodyStealer appears to be an advanced piece of malware with a plethora of capabilities. It comes with anti-detection techniques that make it more lucrative for cybercriminals. Though it is targeting only gaming accounts, it has the potential to expand its scope to other industries as well. This latest development indicates the rapid pace at which cybercrime is maturing as advanced malicious products and services evolve.

Cyware Publisher
