Steam Stealer malware provides a thriving business for cyber thugs


Lloyd Banks Stan
A new Kaspersky Lab report (pdf) by security researchers Santiago Pontiroli and Bart P looks at the big business of Steam Stealers that “have turned the threat landscape for the entertainment ecosystem into a devil’s playground.”

Wannabe cyber crooks might turn to malware which steals Steam credentials because it’s incredibly cheap. The report said $3 will buy usage rights for a Steam platform credential stealer and $7 adds source code and a user manual. Researchers said comparative malicious campaigns usually start at the $500 range. There are Steam Stealers which cost more, but “it would be hard to find any stealer being sold for more than $30.”

An old stealer that allegedly helped to revolutionize Steam stealing; researchers said its legacy lives on in malware being distributed in the wild.

The “Steam Stealer” breed of malware is simple to operate and is offered all over the place. In fact, the report says a “staggering number of script-kiddies and technically-challenged individuals resort to this type of threat as their malware of choice to enter the cybercrime scene.”

Steam has had a lot of problems with hijacked accounts over the years. “The ‘I got hacked’ story is told so frequently it's become commonplace,” Valve said in December. At that time, it was seeing about “77,000 accounts hijacked and pillaged each month” and so it deployed security changes.

Although the report referenced the new Steam record of more than 12 million concurrent players, as well as the Christmas attack and caching issues which ultimately resulted in 34,000 gamers having their personal information served up to strangers, the researchers also listed current Steam Stealer trends. Gamers should be aware of the use of fake Chrome extensions, such as the one used to steal from gamers’ Steam inventories. And believe it or not, “with the surprising price of hard-to-get items, ‘inventory stealing’ is not going away anytime soon and it reveals new methods for obtaining goods from its victim.”

Other current Steam Stealer trends include the use of fake gambling sites, fake deposit bots, AutoIT wrappers in an attempt to make analysis more difficult, and the use of RATs such as NanoCore or DarkComet. Cyber thugs in Eastern Europe have long been interested in stealing Steam credentials; with over 125 million active Steam accounts worldwide and more than 7,000 games on Valve’s multi-OS platform, it’s too juicy of a target to stop attracting cybercriminals worldwide.

While the researchers’ predictions for what’s to come include “several interesting ideas,” they “do not want to give the creators of Steam Stealers a roadmap for their activities.” They added, “We have already seen ransomware attacking videogame players with creations such as ‘TeslaCrypt’, and we fear that combining different malware families could become a potential nightmare and up the ante in this never-ending game.”

The researchers advised gamers to stay on top of Steam’s updates and new security features. “Enable two-factor authentication via Steam Guard as a bare minimum,” they wrote before adding:

Bear in mind that propagation is mainly (but not solely) done either via fake cloned websites distributing the malware, or through a social engineering approach with direct messages to the victim. Always have your security solution up to date and never disable it; most products nowadays have a “gaming mode” which will let you enjoy your games without getting any notifications until you are done playing. We have listed all the options Steam offers users to protect their accounts. Remember that cybercriminals aim for numbers and if it’s too much trouble they’ll move on to the next target. Follow these simple recommendations and you will avoid becoming the low hanging fruit.

You can read more on Kaspersky’s Securelist blog or via the research paper (pdf).