Late last year we saw the Valve Blog report that around 77,000 Steam accounts are hacked every month. The news came with a new initiative from Valve to push users to adopt two-factor authentication using the Steam Guard Mobile Authenticator (part of the Steam mobile app). The popular PC gaming platform also implemented delays in the trading process to give people a decent chance of noticing they have been hacked and be able to act and get their account back. The delays amount to 3 days for trading items to go through the system, or 1 day for trades with Steam friends you have had for over 1 year. However in an email HEXUS has recently received from Kaspersky Lab, there's a new breed of malware increasing in popularity -built to gain control of your Steam Account.
Steam has over 100 million users, who virtually hold a huge amount of valuable digital goods, making it a big target for fraudsters. It has come to the attention of Kaspersky Lab researcher Santiago Pontiroli and his independent research colleague, Bart P, that so called 'Steam Stealer' malware has started to proliferate.
The new malware originates from Russia, says Kaspersky, and it is sold under a malware-as-a-service business model for as little as £20. You can buy it "in different versions with distinct features, free upgrades, user manuals, custom advice for distribution and more," say the researchers.
There are still hurdles to jump to get the malware onto target user systems. Kaspersky says that "Steam Stealers are mainly distributed either via fake cloned websites hosting the malware or through a social engineering approach where the victim is targeted with direct messages, encouraging them to open a malicious file". However once on a target system the malware "steals the entire set of Steam configuration files," plus the Steam KeyValue file that contains user credentials, as well as the information that maintains a user's session. That theft enables cybercriminals to control the stolen accounts, assert the researchers.
Currently there are nearly 1200 samples of different Steam Stealers recorded across the globe. Leading regions for attacks are Russia, the US, Europe (France and Germany), India and Brazil. Kaspersky says it detects Steam Stealer trojan groups including Trojan.Downloader.Msil.Steamilik; Trojan.Msil.Steamilik; Trojan-psw.Msil.Steam and others.
As usual, the message to take away from this kind of news is; keep your security software up to date, and be wary of unfamiliar websites and potential phishing communications. Of course Steam has extra security measures which you can click through and implement too.
