BloodyStealer Malware Hunts for Expensive Gaming Accounts

A Trojan codenamed BloodyStealer is indeed out for blood, or at least for tasty gaming accounts. According to security researchers, the malware is looking to swipe credentials for valuable gaming accounts regardless of platform used.

BloodyStealer can steal your account, whether you use Steam, Electronic Arts' Origin store or even Epic Games. The malware is structured like a traditional Trojan horse, with the capability to capture and exfiltrate all sorts of data from the victim's system, starting with the traditional - browser cookies and login credentials, and moving into the more exotic - login and session data from applications.

BloodyStealer has been around for a while now - researchers first spotted the malware being advertised on hacking websites as early as March this year. The tool was offered at a pretty low price as well - a $10 per month subscription model or a $40 lifetime purchase.

The malware can intercept sessions from all popular gaming platforms and their client applications, including Steam, GOG Galaxy, Origin and the Bethesda launcher.

Gaming accounts, much like social media profiles and other accounts, have become something of a commodity. With some platforms and accounts, this is even more relevant. A gaming profile on the Steam platform, for example, may have digital items worth hundreds of even thousands of dollars in its digital inventory.

Those items are resalable through third-party websites and channels outside of the Steam marketplace. This means that a stolen account that has valuable items in it can easily be abused for far more than the value of the games contained in it.

Similarly, games on other platforms can also have in-game digital items such as character "skins", outfits or costumes, which can potentially be worth a lot of money when re-sold on a secondary market.

With gaming accounts, the best thing that a user can do to protect their account and privacy is to enable multi-factor authentication. This functionality has been implemented in all major platforms and there really is no excuse not to use this strong, additional layer to protect your account, regardless of platform.

September 29, 2021