Online game libraries are a great way to play anywhere, but it means you need to keep your account secure to prevent unauthorized access. All a hacker needs to know is your username and password and, at best, you have an urgent customer support ticket on your hands.
Now a particularly nasty virus called “BloodyStealer” is making the rounds, which aims to steal your video game accounts. So let’s examine what does this threat and how you can avoid it.
What is BloodyStealer?
Kaspersky has broken down how BloodyStealer works in a blog post, and what the malware analysis looks like, it’s a nasty package that all gamers have to be careful not to download.
BloodyStealer is called “Malware-as-a-Service“With this service, malware developers sell their wares on the black market so others can use them for their nefarious purposes. And since the price was low at $ 10 a month or $ 40 for life, anyone could use the tool.” download and use.
The BloodyStealer malware uses multiple attack vectors, but gamers need to be careful that they can steal credentials for online game library apps like Steam, Origin and Good Old Games. It does this by hijacking a session and stealing the credentials as they are sent.
If the account holder then has no further login protection, the hacker has full access to the victim’s account. And since your games are account tied, you get instant access to every game you’ve ever bought with it.
That’s not all BloodyStealer can do. Kaspersky lists passwords, device details, and screenshots as part of the malware’s arsenal, which means it can steal more than just your games.
Why do scammers want gaming accounts?
BloodyStealer has already had a devastating impact on player accounts. One BloodyStealer user reported 100,856 Steam accounts, 94,471 Epic accounts, and 46,244 Rockstar Games accounts, to name a few.
But why does a fraudster want so many accounts? If someone got their hands on an account or 10 or even 100, they had all the games they would ever need. But over 100,000? Why so many
Coincidentally, there is a second way that hackers can use game accounts. The black market is a hub for selling other people’s accounts, and video game-related ones are no different. As such, a successful hacker can make substantial profit by selling other people’s libraries to interested buyers.
In fact, the above mentioned user listed accounts because he wanted to sell them on the black market. They advertised a total of 280,000 accounts and sold the lot for $ 4,000, a low price considering the sheer number of games on all of those accounts.
How to stay safe from BloodyStealer
BloodyStealer can steal your credentials, but it needs to get on your PC first in order to do anything. So keep practicing good habits like downloading files from official sources, clicking suspicious links, and being careful with emails from outside sources.
However, there is a way to build an iron defense against this type of attack. BloodyStealer steals your username and password, but cannot steal any two-factor authentication (2FA) you have set up.
If BloodyStealer manages to steal a 2FA password, it won’t do much good. This is because 2FA passwords are used once and only take a few seconds. So by the time the password ends up in the hands of the hacker, it has already expired.
So make sure you set up 2FA on all of your gaming accounts. Some platforms have their own built-in systems, such as Steam Guard. Others accept third-party 2FA authenticators that allow you to enter a code and enjoy the protection they offer.
This of course means that you should use 2FA locks on your game library accounts to keep your treasure safe. However, games that don’t live in a library may still have their own 2FA system that you can use to protect yourself. Some of these games even give you free items when you add an authenticator to your account!
Stay safe from BloodyStealer
While BloodyStealer can pose a massive security threat, there are ways to protect yourself from it. Now you know how to keep your gaming accounts safe from prying eyes.
This article was previously published on Source link