Thousands of online gaming accounts hit in major cyberattack

Cybercriminals are increasingly targeting gamers and their accounts online

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybercriminals are increasingly targeting gamers as well as their accounts online with a newmalwaredubbed BloodyStealer according toKaspersky.

Back in March of this year, the cybersecurity firm’s experts discovered an ad for BloodyStealer that said the malware is able to steal passwords, cookies, bank card details, browser autofill data, device data, screenshots, Desktop and uTorrent client files, logs and Bethesda,Epic Games, GOG, Origin,Steam, Telegram and VimeWorld client sessions.

Despite the fact that BloodyStealer is relatively new, the malware has already been used to target and infect users in Europe, Latin America and the Asia-Pacific region. What has allowed this malware to spread so easily online is that its creators use a malware-as-a-service (MaaS) distribution model where BloodyStealer can be purchased  on thedark webfor either $10 per month or around $40 for a “lifetime license”.

Besides being able to steal user data, BloodyStealer has a set of tools designed to make it difficult to analyze by security researchers and law enforcement. The malware sends stolen data as a ZIP archive to its C&C server which is protected againstDDoSand other web-based attacks. From here, cybercriminals can use either its basic control panel orTelegramto access the data and online accounts stolen from victims.

Targeting gamers

While BloodyStealer poses a serious threat to gamers, it’s still just one of the many tools available on the dark web to steal their accounts. Cybercriminals sell other types of malware andunderground hacking forumsoften feature ads offering to post a malicious link on popular websites or selling tools to generate phishing pages automatically.

However, one of the most popular products sold on the dark web is logs which aredatabasescontaining heaps of data for logging into stolen user accounts. In these ads, cybercriminals specify the types of data, the geography of users, the period over which the logs were collected and other details.

Cybercriminals also sell access to specific gaming accounts both individually and wholesale. Accounts with many games, add-ons and expensive virtual items are particularly valuable though they are often sold at a huge discount. For instance, in one ad observed by Kaspersky in itsblog poston the matter, a cybercriminal was selling 208k online gaming accounts for just $4000. Likewise, games are often sold at a fraction of their value on the dark web and copies of Need For Speed Heat orMadden NFL 21cost less than $0.50 cents.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

To avoid falling victim to BloodyStealer, other types of malware and cyberattacks targeting gamers, Kaspersky recommends that users enable two-factor authentication (2FA) for their online accounts, only download apps and software from official stores, be wary of links in emails and messages from unknown senders, check websites for authenticity before entering your credentials and protect their devices withantivirus software.

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)