It is emergency, malware targeting the Steam accounts are increasing as never before over the last months. The popular gaming platform is a privileged target for cyber criminals, Steam is owned by Valve and account for nearly 140 million users. The company estimates that nearly 77,000 accounts are hijacked and pillaged each month.
“We see around 77,000 accounts hijacked and pillaged each month. These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc. Users can be targeted randomly as part of a larger group or even individually. Hackers can wait months for a payoff, all the while relentlessly attempting to gain access. It’s a losing battle to protect your items against someone who steals them for a living.” states the company in a blog post.
The security expert at Kaspersky Lab, Santiago Pontiroli, and Bart P, an independent security researcher, published an interesting analysis of malware targeting the Steam gaming platform and evolution of threats through the last few years.
In the recent months, the researchers observed a spike in the infections caused by a data stealer specifically designed to target the accounts on the gaming platform, dubbed Steam Stealer.
Steam Stealer first appeared on a forum in the Russian underground, it is advertised as a customizable threat that is offered for sale with upgrades and manuals.
“Adding new features is simple. The average developer just needs to select their favorite programming language and know just enough about Steam’s client design and protocol. There are many APIs and libraries available that interface seamlessly with the Steam platform, significantly reducing the effort required.” states the analysis.
The crooks use to spread the Steam stealer malware via bogus websites or sending direct messages to victims.
Steam stealer is very cheap, the cost of a build ranges from $3 and goes up to $30 USD, some sellers offer it as a malware-as-a-service tools.
“However, when it comes to these types of malicious campaigns we usually see prices starting in the range of $500 dollars (taking as a reference earlier ransomware-as-a-service markets).” explained Pontiroli and Bart P.
The researchers noticed a significant difference in the way criminals dropped the malware over the time. In the past they served the malware on users via URL shortening services, cloud storage services like Dropbox and Google Docs, and phony game servers and fake voice software sites. Recently attackers started using fake Chrome extensions and gambling sites.
A short rundown of past trends:
Current trends are as follows:
The experts explained that there are counter-measure that the Valve’s Steam has implemented to prevent attacks on its accounts including:
The experts explained that Steam implemented the above measured as a deterrent.
“We have listed all the options Steam offers users to protect their accounts. Remember that cybercriminals aim for numbers and if it’s too much trouble they’ll move on to the next target. Follow these simple recommendations and you will avoid becoming the low hanging fruit.”
No doubt, the number of attacks against the platform will continue to increase despite the effort spent by the company.
(Security Affairs – Steam, Steam Stealer)