Skip to main content

New malware steals your Steam, Epic, EA accounts — how not to get pwned

Battlefield 2042
(Image credit: EA)

Look out, PC gamers — new malware is going after your Steam, Epic Games, EA Origin, Bethesda and GOG accounts.

The malware, dubbed "BloodyStealer" by its discoverers at Kaspersky, swipes session cookies, passwords and credit cards, takes screenshots, profiles infected PCs and tries to hide from antivirus software. 

It's active in Europe, the Asia-Pacific region and Latin America, but like a lot of malware, it won't function on computers in Russia or other former Soviet republics.

"Gaming accounts are clearly hunted by cybercriminals, so if you want to enjoy gaming peacefully and not worry that your in-game credit or accounts will be gone, make sure you protect your account through two-factor authentication and use a reliable security solution to protect your devices," said Kaspersky security researcher Dmitry Galov .

Stolen accounts for online gaming platforms can be sold on the black market, often packaged in bundles. Even session cookies that provide only temporary access to other people's games are worth something.

Would-be bad guys can "subscribe" to BloodyStealer for about $10 per month, or can get a lifetime license for $40. (Malware coders often use subscription models to distribute their wares to criminals, sometimes with tech support built in.)

It's up to the subscribers to package and deliver the malware to victims. The infection vectors may vary, but often come in the form of pirated games, license-code "cracks" or even software updates.

How to avoid BloodyStealer

To avoid being infected by BloodyStealer or similar malware, don't download pirated or cracked games, be wary of links inside game chats, install and run some of the best Windows 10 antivirus software — and scan whatever you download with that antivirus software before you run the installation process.

To avoid having your online gaming account stolen by any means, use two-factor authentication (2FA) as indicated above — here's how to set up 2FA on Epic Games — log out of game accounts when you're not using them, and use one of the best password managers to generate strong, unique passwords and "remember" them all.

"BloodyStealer is a prime example of an advanced tool used by cybercriminals to penetrate the gaming market," wrote Galov and fellow Kaspersky researchers Leonid Bezvershenko and Marc Rivero in a technical report.   With its efficient anti-detection techniques and attractive pricing, it is sure to be seen in combination with other malware families soon."

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.