Press "Enter" to skip to content

Darknet Report: 280,000 gaming accounts for just $ 4,000

Anyone who buys a lot of video games and virtual items from Origin, Steam & Co. is a lucrative victim for cyber criminals. Trading in log-in data for such accounts is flourishing in underground forums.

Kaspersky security researchers analyzed the market in a recent study and provide exciting insights into the prices for which criminals sell accounts and how they can get their log-in data in the first place. Such accounts and in-game items cost 40 to 70 percent less than the original price on the black market. If an account is linked to a large number of items and games, that amounts to a bargain.

During their observations, the researchers came across malware-as-a-service offerings in this area of ​​cybercrime as well. Basically anyone with little prior knowledge can take advantage of such offers to hunt down a rented Trojan. The malware providers collect commissions. In this case, the issue is the BloodyStealer malware, which is designed, among other things, to extract account data from the gaming platforms Epic Games, Origin and Steam. According to the researchers, this happens, for example, by copying browser cookies.

In an underground forum, criminals are promoting the BloodyStealer Trojan. The malware is said to not be recognized by Windows Defender and is said to be able to steal account data from GOG and Steam, for example.

(Image: Kaspersky)

According to the researchers, it is said to be a sophisticated Trojan horse that has several methods of evading detection and analysis by security researchers. A one-month subscription should cost $ 10. $ 40 is said to be due for a lifetime license. How long this “service” will be available is of course questionable and the criminals certainly do not offer a refund.

The security researchers have analyzed several offers of account data in the Darknet. A forum member offers around 280,000 valid accounts for just $ 4,000, according to him.

There are several roles in this structure: First and foremost are the criminals who collect account data with a Trojan horse or via phishing emails. Kaspersky calls this group “Operators”. This is followed by the “checkers” who check the data for validity. After all, invalid passwords damage the seller’s reputation. The “checkers” then typically receive 40 percent of the sales profits.

In general, accounts should be protected using two-factor authentication (2FA) whenever possible. If an unauthorized person is in possession of a valid password in this case, they cannot access the account without the second factor. You can only log in with the password and the 2FA code usually generated via a smartphone app.

In addition, you shouldn’t click on links in emails or in-game chats without thinking. Criminals often use this to fish access data. In many cases, Trojans lurk disguised as legitimate email attachments. Another scam is that Trojans hide behind game-cracking files. How and to what extent BloodyStealer is spreading is currently not known.


Article Source

Disclaimer: This article is generated from the feed and not edited by our team.