Cybersecurity solutions firm Kaspersky reviewed threats targeting major gaming platforms in an effort to understand the extent of exploitation in the industry. It found at least four malware types that are capable of stealing users’ account data from platforms such as Battle.net, Origin, and Uplay, in order to resell it afterward.
However, these Trojans are not just looking to affect gameplay but banking details as well.
Password stealers are a type of Trojan malware, designed to steal account data — from gaming session tokens or log in details, to nearly any information saved on a computer. This can include cookie files, login credentials, and passwords saved on a browser, along with a lot more. In some instances, stealing gaming details is just one of the malware’s functions, and online banking passwords are also of interest.
Kaspersky analyzed the password stealer landscape to see how vulnerable users could be. Threat analysis presented four malware families including Kpot, BetaBot, Okasidis, and Thief Stealer, which all carry Trojan.
Kpot Trojan can steal cookie files, accounts from various messengers, and one of the gaming platform’s sessions tokens. By obtaining session token data, cybercriminals do not get access to the user’s login and password details. However, they can quickly resell all valuable in-game attributes. Other Trojan kinds, such as Okasidis and Thief Stealer, focus on stealing specific files from game-related folders on the infected computer.
Trojan stealers can also retrieve browser data. BetaBot targets a number of popular gaming platforms in the following way: if a user visits a URL, which contains specific keywords, the malware turns on data gathering on these pages. This allows logins and passwords entered on the page to fall into criminals’ hands.
In all cases, the Trojans are not visible to the user as they do not demand any extra permissions or send fake alerts: They just quietly steal data. Trojans do not exploit any platform vulnerabilities, as these purely focus on gathering data from an infected device.
“There are numerous gaming-focused threats out there, from fake files and compromised modes resold on the web, through to phishing pages,” said Alexander Eremin, security analyst at Kaspersky. “However, if a user is aware of these threats, they can take steps to protect themselves from harm. Unfortunately, this is not the case with password stealers, as it is hard for a user to spot them. This means that gamers need to be proactive in keeping themselves safe and always take extra precautions, as well as using a reliable security solution to prevent their computer from becoming infected.”
In order to protect gaming accounts from malware, including password stealers, Kaspersky recommends taking the following steps:
- Set up two-factor authentication, so even if your login and password have been stolen, they will not be enough to access your account
- Only download gaming modifications from trusted sources
- Use a reliable security solution, such as Kaspersky Security Cloud, which will be able to identify stealers and stop them from stealing your data
- Do not turn off your security solution while playing a game. Some security solutions, such as Kaspersky Security Cloud, have a special gaming mode, which reduces the load on the computer during playing time and does not affect the quality of the gaming experience.