Look out, PC gamers — new malware is going after your Steam, Epic Games, EA Origin, Bethesda and GOG accounts.
The malware, dubbed "BloodyStealer (opens in new tab)" by its discoverers at Kaspersky, swipes session cookies, passwords and credit cards, takes screenshots, profiles infected PCs and tries to hide from antivirus software.
- These cracked games will infect your PC with malware that's hard to remove
- The best PC games you can play right now
- Plus: iPhones, TVs and other devices could go offline this week — here's why
It's active in Europe, the Asia-Pacific region and Latin America, but like a lot of malware, it won't function on computers in Russia or other former Soviet republics.
"Gaming accounts are clearly hunted by cybercriminals, so if you want to enjoy gaming peacefully and not worry that your in-game credit or accounts will be gone, make sure you protect your account through two-factor authentication and use a reliable security solution to protect your devices," said Kaspersky security researcher Dmitry Galov (opens in new tab) .
Stolen accounts for online gaming platforms can be sold on the black market, often packaged in bundles. Even session cookies that provide only temporary access to other people's games are worth something.
Would-be bad guys can "subscribe" to BloodyStealer for about $10 per month, or can get a lifetime license for $40. (Malware coders often use subscription models to distribute their wares to criminals, sometimes with tech support built in.)
It's up to the subscribers to package and deliver the malware to victims. The infection vectors may vary, but often come in the form of pirated games, license-code "cracks" or even software updates.
How to avoid BloodyStealer
To avoid being infected by BloodyStealer or similar malware, don't download pirated or cracked games, be wary of links inside game chats, install and run some of the best Windows 10 antivirus software — and scan whatever you download with that antivirus software before you run the installation process.
To avoid having your online gaming account stolen by any means, use two-factor authentication (2FA) as indicated above — here's how to set up 2FA on Epic Games — log out of game accounts when you're not using them, and use one of the best password managers to generate strong, unique passwords and "remember" them all.
"BloodyStealer is a prime example of an advanced tool used by cybercriminals to penetrate the gaming market," wrote Galov and fellow Kaspersky researchers Leonid Bezvershenko and Marc Rivero in a technical report (opens in new tab). With its efficient anti-detection techniques and attractive pricing, it is sure to be seen in combination with other malware families soon."