Game off: Kaspersky reviews password stealers that target major gaming services
Gaming platforms represent an industry with a multi-million user audience. Cybercriminals are fully aware of this, utilizing various types of malware to profit from gamers. To understand the extent of exploitation, Kaspersky reviewed threats targeting major gaming platforms and found at least four malware specimens that are capable of stealing users’ account data from platforms such as Battle.net, Origin and Uplay, in order to resell it afterwards. However, these Trojans are not just looking to affect gameplay but your banking details could also be at risk.
Password stealers are a type of Trojan malware, designed to steal account data – from gaming session tokens or login details, to nearly any information saved on a computer. This can include cookie files, login credentials and passwords saved on a browser, along with a lot more. In some instances, stealing gaming details is just one of the malware’s functions, and online banking passwords are also of interest.
During this period of remote working and social distancing, it is understandable and logical for many people to turn to their devices for entertainment. Acknowledging that this may also inspire cybercriminals to carry out attacks, Kaspersky analyzed the password stealer landscape to see how vulnerable users could be. Threat analysis presented four malware families – Kpot, BetaBot, Okasidis and Thief Stealer, which all carry an interesting Trojan specimen.
For instance, Kpot Trojan can steal cookie files, accounts from various messengers, and one of the gaming platform’s session tokens. By obtaining session token data, cybercriminals do not get access to the user’s login and password details, however, they can quickly resell all valuable in-game attributes. Other Trojan specimens, such as Okasidis and Thief Stealer, focus on stealing specific files from game-related folders on the infected computer.
Trojan stealers can also retrieve browser data. For example, BetaBot targets a number of popular gaming platforms in the following way: if a user visits a URL, which contains specific keywords, the malware turns on data gathering on these pages. This allows logins and passwords entered on the page to fall into criminals’ hands.
What is particularly interesting regarding all the observed Trojans, is that they are virtually unnoticeable to users. In all cases, the Trojans are not visible to the user as they do not demand any extra permissions or send fake alerts – they just quietly steal data.
It is important to note that these Trojans do not exploit any platform vulnerabilities, as they purely focus on gathering data from an infected device.
“There are numerous gaming-focused threats out there, from fake files and compromised modes resold on the web, through to phishing pages. However, if a user is aware of these threats, they can take steps to protect themselves from harm. Unfortunately, this is not the case with password stealers, as it is hard for a user to spot them. This means that gamers need to be proactive in keeping themselves safe and always take extra precautions, as well as using a reliable security solution to prevent their computer from becoming infected,” comments Alexander Eremin, Kaspersky security analyst.
In order to protect your gaming accounts from malware, including password stealers, Kaspersky recommends taking the following steps:
- Set up two-factor authentication, so even if your login and password have been stolen, they will not be enough to access your account
- Only download gaming modifications from trusted sources
- Use a reliable security solution, such as Kaspersky Security Cloud, which will be able to identify stealers and stop them from stealing your data
- Do not turn off your security solution while playing a game. Some security solutions, such as Kaspersky Security Cloud, have a special gaming mode, which reduces the load on the computer during playing time and does not affect the quality of the gaming experience.
Learn more about password stealers and what they do on Kaspersky Daily.