BloodyStealer can evade casual detection and hamper reverse-engineering attempts, all at a low price.
An advanced trojan-stealer malware dubbed BloodyStealer has been discovered on Dark Net forums; it is being used to steal gamer accounts across Europe, Latin America, and the Asia-Pacific region.
BloodyStealer is capable of gathering and exfiltrating various types of data, including gaming profile data, particularly from EpicGames, Origin, and Steam platforms. This malware also stands out because of several anti-analysis methods used to complicate its reverse engineering and analysis, including the use of packers and anti-debugging techniques.
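The packer angle above is the one an analyst meets first: a packed or encrypted stealer payload shows up as unusually high byte entropy before any strings or imports are visible. The following is an added triage example, not code from the article or from Kaspersky, and it does not parse PE headers or model BloodyStealer specifically. It scores a blob in fixed-size chunks and flags it as likely packed when most chunks sit near the 8-bit ceiling. The two inputs are constructed inline: one mimics plain, repetitive code/text, the other is seeded pseudo-random data standing in for a compressed or encrypted section.

```python
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def chunk_entropies(data: bytes, chunk_size: int = 1024) -> list[float]:
    """Entropy of each consecutive chunk; a packed section scores high throughout."""
    return [shannon_entropy(data[i:i + chunk_size])
            for i in range(0, len(data), chunk_size)]

def looks_packed(data: bytes, chunk_size: int = 1024,
                 threshold: float = 7.0, min_fraction: float = 0.5) -> bool:
    """Heuristic verdict: True when at least min_fraction of the chunks
    are at or above the entropy threshold. Thresholds are assumptions
    chosen for this example, not values from the article."""
    ents = chunk_entropies(data, chunk_size)
    if not ents:
        return False
    high = sum(1 for e in ents if e >= threshold)
    return high / len(ents) >= min_fraction

def triage(data: bytes) -> dict:
    """Summary a triage script would log for one sample or section."""
    ents = chunk_entropies(data)
    return {
        "size": len(data),
        "overall_entropy": round(shannon_entropy(data), 2),
        "max_chunk_entropy": round(max(ents), 2) if ents else 0.0,
        "likely_packed": looks_packed(data),
    }

# Constructed sample 1: repetitive ASCII/code-like content (low entropy).
PLAIN_SAMPLE = b"This program cannot be run in DOS mode.\r\n" * 100

# Constructed sample 2: seeded pseudo-random bytes standing in for a
# compressed/encrypted payload as a packer would emit it (high entropy).
_rng = random.Random(20210301)
PACKED_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(4096))

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(name, triage(blob))
```

Treat the verdict as a lead, not proof: legitimately compressed resources, embedded certificates and media also score high, and a packer can pad or interleave low-entropy bytes to stay under a threshold. Confirm by looking at the section table, import count and the unpacking stub, and, for the anti-debugging side the article mentions, expect the usual checks against attached debuggers once the sample is unpacked.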
Researchers from Kaspersky first spotted the malware in March 2021, when it was advertised as being capable of evading detection and malware analysis in general. It is sold on underground forums at an attractive price: less than US$10 for a 1-month subscription, or US$40 for a lifetime subscription. Customers can choose to protect their sample with a packer they prefer or use it as part of another multi-stage infection chain.
While BloodyStealer is not made exclusively for stealing game-related information, the platforms it can target clearly point to the demand for this type of data among cybercriminals. Logs, accounts, in-game goods: all of these game-related products are sold on the Dark Net in bulk or individually. The stolen accounts do not come from accidental data leaks but are the result of deliberate cybercriminal campaigns that employ malware such as BloodyStealer.
Dmitry Galov, security researcher at Kaspersky, commented: “Despite the fact that cybercriminals have various options available if they want to buy or rent a stealer, BloodyStealer has definitely attracted some attention on one of the underground forums. This stealer has some interesting capabilities such as extraction of browser passwords, cookies, and environment information, which can then be sold on different underground platforms selling access to online gaming accounts. So (people who want to) enjoy gaming peacefully and not worry about stolen in-game credits or accounts should use two-factor authentication and a reliable security solution.”