New malware steals your Steam, Epic, EA accounts — how not to get pwned

Battlefield 2042
(Image credit: EA)

Look out, PC gamers — new malware is going after your Steam, Epic Games, EA Origin, Bethesda and GOG accounts.

The malware, dubbed "BloodyStealer" by its discoverers at Kaspersky, swipes session cookies, passwords and credit cards, takes screenshots, profiles infected PCs and tries to hide from antivirus software. 

It's active in Europe, the Asia-Pacific region and Latin America, but like a lot of malware, it won't function on computers in Russia or other former Soviet republics.

"Gaming accounts are clearly hunted by cybercriminals, so if you want to enjoy gaming peacefully and not worry that your in-game credit or accounts will be gone, make sure you protect your account through two-factor authentication and use a reliable security solution to protect your devices," said Kaspersky security researcher Dmitry Galov .

Stolen accounts for online gaming platforms can be sold on the black market, often packaged in bundles. Even session cookies that provide only temporary access to other people's games are worth something.

Would-be bad guys can "subscribe" to BloodyStealer for about $10 per month, or can get a lifetime license for $40. (Malware coders often use subscription models to distribute their wares to criminals, sometimes with tech support built in.)

It's up to the subscribers to package and deliver the malware to victims. The infection vectors may vary, but often come in the form of pirated games, license-code "cracks" or even software updates.

How to avoid BloodyStealer

To avoid being infected by BloodyStealer or similar malware, don't download pirated or cracked games, be wary of links inside game chats, install and run some of the best Windows 10 antivirus software — and scan whatever you download with that antivirus software before you run the installation process.

To avoid having your online gaming account stolen by any means, use two-factor authentication (2FA) as indicated above — here's how to set up 2FA on Epic Games — log out of game accounts when you're not using them, and use one of the best password managers to generate strong, unique passwords and "remember" them all.

"BloodyStealer is a prime example of an advanced tool used by cybercriminals to penetrate the gaming market," wrote Galov and fellow Kaspersky researchers Leonid Bezvershenko and Marc Rivero in a technical report.   With its efficient anti-detection techniques and attractive pricing, it is sure to be seen in combination with other malware families soon."

TOPICS
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Read more
A magnifying glass on top of the Steam logo in a web browser
Valve recommends a full PC reset after malware-infected game discovered on Steam
and image of the Google Chrome logo on a laptop
Google Docs under attack from info-stealing malware — how to keep your data and your emails safe
Mobile malware
New malware uses infected VPN apps to take over your device — here's how to stay safe
A hacker typing quickly on a keyboard
Hackers are posing as Apple and Google to infect Macs with malware — don’t fall for these fake browser updates
Malware
New macOS malware uses Apple's own code to quietly steal credentials and personal data — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
Latest in PC Gaming
Half-Life 2 RTX
I just went back to Ravenholm in Half-Life 2 RTX — Nvidia’s new RTX remix tech makes it 10x more terrifying
Nvidia ACE
I played with Nvidia's AI NPC prototypes — now they're real, and I fear I'll never finish a game again
Half-Life 2 RTX demo from Orbital Studios
Nvidia launches RTX Remix with new tools to help modders upscale old games with DLSS 4
AMD Radeon RX 9070 XT
Where to buy AMD Radeon RX 9070 and RX 9070 XT — I recommend these retailers in US and UK
Alienware Aurora R16
11 insider tips to make your games fun faster (without a new GPU)
nvidia rtx 50 series
Where to buy RTX 5070 Ti — live updates and stock checker
Latest in News
Lewis Hamilton of Great Britain and Scuderia Ferrari looks on during Sprint Qualifying ahead of the F1 Grand Prix of China at Shanghai International Circuit in Shanghai, China, on March 21, 2025. (Photo by Song Haiyuan/Paddocker/NurPhoto via Getty Images)
How to watch F1 Chinese GP 1 2025 online without cable – Sprint race, Qualifying
NYTimes Connections
NYT Connections today hints and answers — Saturday, March 22 (#650)
Nintendo Switch 2
Nintendo Switch 2 — 7 biggest questions that need answers at Nintendo Direct April 2
iPhone 17 Air render
iPhone 17 Air — new survey could be bad news for Apple's super thin iPhone
Segway g30lp
Segway recalls 220,000 electric scooters - what to do if yours is on the list
Samsung Galaxy S25 Ultra vs S25 Plus vs S25
Satellite messaging on Google Pixel 9 and Samsung Galaxy S25 just landed on 3 more carriers