Darknet Report: 280,000 gaming accounts for just $ 4,000



Anyone who buys a lot of video games and virtual items from Origin, Steam & Co. is a lucrative victim to cybercriminals. The trade in login data for such accounts is flourishing in underground forums.

Kaspersky security researchers have analyzed the market in a recent study and provide some interesting insight into the prices criminals sell accounts at and how they can get their login credentials in the first place. Such accounts and in-game items cost 40-70% less than the original black market price. If an account is linked to a lot of items and games, that’s a good deal.

During their observations, the researchers also came across malware as a service offerings in this area of ​​cybercrime. Basically, anyone with little prior knowledge can take advantage of such offers to hunt down a hired Trojan. Malware vendors earn commissions. In this case, the problem is the BloodyStealer malware, which is designed, among other things, to extract account data from the game platforms Epic Games, Origin and Steam. According to the researchers, this happens, for example, by copying cookies from the browser.

In an underground forum, criminals promote the BloodyStealer Trojan horse. The malware would not be recognized by Windows Defender and would be able to steal account data from GOG and Steam, for example.

(Photo: Kaspersky)

According to the researchers, it is a sophisticated Trojan horse with several methods to evade detection and analysis by security researchers. A one-month subscription should cost $ 10. $ 40 would be due for a lifetime license. The length of time this “service” will be available is of course debatable and criminals certainly do not offer refunds.

Security researchers analyzed several offerings of account data in the Darknet. One forum member offers around 280,000 valid accounts for just $ 4,000, he said.

There are several roles in this structure: First, the criminals who collect account data with a Trojan horse or through phishing emails. Kaspersky calls this group “operators”. Next come the “verifiers” who verify the validity of the data. After all, invalid passwords damage a seller’s reputation. The “controllers” then generally receive 40% of the profits from the sales.

In general, accounts should be protected using two-factor authentication (2FA) whenever possible. If an unauthorized person has a valid password in this case, they cannot access the account without the second factor. You can only log in with the password and 2FA code usually generated through a smartphone app.

Additionally, you should not click on links in emails or in-game chats without thinking. Criminals often use it to harvest access data. In many cases, Trojans hide themselves in disguise as legitimate email attachments. Another scam is that Trojans hide behind game pirate files. It is currently unclear how and to what extent BloodyStealer spreads.


Disclaimer: This article is generated from the feed and is not edited by our team.



About Author

Leave A Reply