The new Trojan, which is sold on Russian hacker forums, offers those who buy it the possibility of stealing user accounts on popular services such as Steam, Epic Games Store and EA Origin.
In March this year, Kaspersky researchers noticed an ad for malware called “BloodyStealer” on a Russian hacker forum. The customer can use Telegram channels as well as traditional web panels to communicate with the C&C server. Potential buyers can contact the seller via Telegram. The malware sells for 700 rubles (less than $10) for a month of use or 3,000 rubles ($40) for a lifetime subscription.
BloodyStealer has so far been used in Europe, Latin America and the Asia-Pacific region.
According to the researchers, BloodyStealer is a Trojan capable of collecting and retrieving various types of data from browsers (cookies, passwords, forms, bank cards), stealing all information about the computer, taking screenshots and stealing sessions from various applications. Data collected from applications such as Bethesda, Epic Games, GOG, Origin, Steam, and VimeWorld is extracted and sent to an attacker-controlled server, from where it is likely to be monetized on dark internet platforms or on Telegram channels where access to accounts for online games is otherwise sold. The malware also steals files from the desktop and from uTorrent, and collects logs from memory.
The authors of the malware also point out that the malware uses a number of methods that prevent detection and complicate reverse engineering.
At the time of the investigation into this malware, the forum discussion about BloodyStealer was not publicly available, but information visible on the forum showed researchers that this malware is still current, only now it is talked about on private channels. It is obvious that those behind this Trojan have decided to offer their product only to VIP members of hacker forums.
Kaspersky did not detect the vectors of the attack, but it is common in such cases for attackers to use fake websites from which people download games, or for the infection to occur via e-mails and messages containing links to websites where players enter their account information.
“BloodyStealer is a great example of an advanced tool used by cybercriminals to break into the gaming market,” say Kaspersky Lab researchers. “With its interesting features, such as retrieving passwords from browsers, cookies and environment information, as well as gathering information about online gaming platforms, BloodyStealer is valuable in terms of data that can be stolen from players and later sold on the darknet.”
Source: Informacija.rs by www.informacija.rs.