BloodyStealer Terrorizing Gamers and Selling their Accounts on the Dark Web
Kaspersky researchers have come across an advanced Trojan. It goes by the name BloodyStealer and is on sale on the dark web.
It harvests gamers’ accounts across gaming platforms such as:
Epic Games Store
The online gaming industry has its benefits. For instance, it is one of the driving forces behind internet penetration, particularly in the most remote areas of the world. Statista projects substantial revenue from the game market: by 2021, the revenue will surpass $138 billion.
As a result, the industry is a constant favourite of cyber attackers. Attack campaigns using Trojans like BloodyStealer are planned to harvest in-game goods. They also go after gaming accounts, because these are in demand on the darknet and fetch a good price.
According to Kaspersky researchers, players' logins and passwords are relatively cheap. For example, credentials from gaming platforms like Ubisoft, EpicGames and Origin fetch $14.2 per thousand accounts in bulk. Sold individually, an account goes for 30% of the account value.
How Popular is BloodyStealer?
The Trojan’s popularity increases as days go by, mainly because it avoids detection and malware analysis. Furthermore, BloodyStealer can harvest various critical information like:
Sessions from apps
Logs from the memory
It uses anti-analysis techniques that complicate reverse engineering, including packers and anti-debugging methods. As a result, cybercriminals prefer the Trojan.
“The developers behind this stealer also added capabilities, such as grabbing information related to online gaming platforms. This information can then be sold on different underground platforms or Telegram channels that are dedicated to selling access to online gaming accounts,” said a researcher at Kaspersky.
In 2020, the gaming industry sustained more than 240 million web application attacks. This was a 340% surge from 2019. A report highlighted the crises that led to the rise in cyberattacks. It was observed that SQL injection was the top web application attack, accounting for 59% of all the attacks.
Local File Inclusion (LFI) followed with 24% of attacks. Threat actors leveraged different web application vectors and targeted sensitive data stored within the applications.
Options in the Dark Markets
Unfortunately, BloodyStealer is not the only Trojan targeting gamers. Many more are used to gather login credentials and other data. Darknet sellers offer the resulting goods both wholesale and retail, and the most famous wholesale product is logs.
The logs are essential in carrying out phishing schemes.
Remember that all transactions on the dark web are in the form of cryptocurrency. Also, when accessing the dark web, use the Tor browser. By doing that, you minimize the risk of getting tracked by law enforcement.
How to Avoid Losing Your Gaming Account
Protect your account with two-factor authentication.
Use a strong security solution.
Buy games from official sites.
Be aware of phishing campaigns and strange gamers contacting you.
Do not click on links to external sites from a game chat.