Not everyone is capable of hacking Steam accounts to get their hands on those valuable item drops from Counter Strike: Global Offensive or Dota 2. However, some enterprising criminals believe in the malware-as-a-service model and have been found selling Steam account stealers for $7 (about RM30).
Steam Stealer is a new breed of malware that specifically targets Valve’s gaming platform. The malware campaigns themselves are not entirely new, although the number of victims has been steadily increasing. A report from Kaspersky claims that 77,000 users are affected every month according to Steam’s own statistics.
Steam Stealer appears to have originated from source code leaked from a Russian hacker forum. The malware slowly evolved as cybercriminals tweaked the code to suit their own purposes. What is interesting is that many of these criminals have decided to sell the malware instead of deploying it themselves.
As mentioned above, the malware can be found for $7, which includes source code and user manuals. Those who only want the malware can find it for as low as $3 (about RM12.50); which comes in a variety of configurations, versions, and even custom advice for how to use it. In comparison, the value of a Steam account on the black market is estimated at $15 (about RM60).
Kaspersky researcher Santiago Pontiroli and his independent research colleague Bart P., observed that Steam Stealer attracts many customers due to how easy it is to use. It appears that even technologically challenged criminals will be able to purchase and deploy the malware.
Victims of Steam Stealer are mainly concentrated in Russia and Brazil, although it has proliferated across every country with Steam users. Several cases have been reported in Malaysia as well, although it lacks severity in comparison with the primary targets of the cybercriminals.
Steam is currently taking these threats very seriously as evident with the multiple options for two-stage authentication. Steam Guard should be activated by default, and the service has implemented security measures on item trading; albeit, at the expense of making trading more difficult.
In either case, it is better to suffer a little inconvenience than make it easy for criminals to break in and clean out entire hard earned inventories.
[Source: Kaspersky Lab]