The security company Kaspersky released a new report that clearly shows just how much of a problem the Steam Stealer malware is. Not only does the malware infect thousands of people each month, it is also very to easy to use and to cheap to purchase for criminals that want to get their hands on your Steam accounts.
The Steam multi-OS distribution entertainment platforms owned by Valve has over 100 million registered users and several thousand games available for download worldwide. Such a popularity makes it a prime target for criminals that want to make a quick buck of your hard earned collection. A recently published report shows that 77 thousand Steam accounts are highjacked and pillaged every month, making it a huge problem.
The prime suspect in the account highjackings is the malware known as Steam Stealer (Trojan-psw.Msil.Steam, Trojan.Msil.Steamilik, and Trojan.Downloader.Msil.Steamilik, amongst others). The malware is thought to originate from Russian-speaking cybercriminals, but it doesn’t matter as much where it originates from as how it is being used.
Steam Stealer works as a malware-as-a-service business model which in itself isn’t that new. Other malware types are using the same business model, but there is a difference in the costs. Previously known models have cost in the range of £350, making it something you really want to do in order to pay up the cash to use the service. Steam Stealers, on the other hand, are available for prices as low as £20. That’s something people will pay just to make a joke, which makes everything worse. On top of that, Steam Stealer malware-as-a-service is available with distinct features such as free upgrades, user manuals, custom advice for distribution and more.
The malware is mainly distributed via fake cloned websites or social engineering attacks with direct messages. Once you’ve got the malicious file and opened it, the malware will steal the entire set of Steam configuration files, locate the Steam KeyValue file that contains your credentials, and even grab your session data. With this information, your account is wide open to the criminals to plunder and pillage.
Where a steam account once only had a smaller value due to the games being locked into the account, that has changed with the introduction of all sorts of collectables and in-game items that at times can be worth thousands of pounds each. That makes Steam accounts a highly valuable target.
“The gaming community has become a highly desirable target for cybercriminals. There has been a clear evolution in the techniques used for infection and propagation, as well as the growing complexity of the malware itself, which has led to an increase in this type of activity. With gaming consoles adding more powerful components and the Internet of Things on our doorstep, this scenario looks like one that will continue to play out and become more complex. At Kaspersky Lab, we hope that our research will develop into an ongoing investigation, bringing a much-needed balance to the gaming ecosystem. Security should not be something developers think about afterwards, but at an early stage of the game development process. We believe that cross-industry cooperation can help to improve this situation,” comments Santiago Pontiroli, Global Research & Analysis Team, Kaspersky Lab.
To stay safe, you should make sure that you have up-to-date security software installed and it couldn’t hurt to check out Valve’s own security measures either. Maybe you can secure your account better than you already have and take that extra step to protect your valuable gaming content.