Steam Stealer malware steamrollering gamers to steal credentials

A new security report from Kaspersky Lab is shedding light on Steam Stealer, a growing family of malware that hackers are using to steal credentials for Valve Corporation's Steam online gaming platform.

Cyber-criminals are using Steam Stealer malware to swipe gamers' hard-won treasures and sell them on the black market
Cyber-criminals are using Steam Stealer malware to swipe gamers' hard-won treasures and sell them on the black market

Only in the world of online gaming can a real-life criminal hijack a spaceship and sell it for $1000 (£692).

A new security report from Kaspersky Lab is shedding light on Steam Stealer, a growing family of malware targeting credentials on Valve Corporation's Steam online gaming platform.

Kaspersky researcher Santiago Pontiroli and independent researcher “Bart P” began a joint investigation into the malware about six months ago, looking to expose just how pervasive this cyber-criminal phenomenon has become. 

They found almost 1200 varieties of Steam Stealer malware, launching attacks on tens of thousands of users. The malware swipes not only credentials but also premium gaming items—super weapons and powers that gamers earn by either levelling up or making online purchases. 

In an email interview with SCMagazine.com, Pontiroli said that in some instances, stolen gaming assets included “space shuttles or spaceships that sold for more than $1,000 (£692) per unit”.

“Since it can take a player years or an extreme amount of effort to achieve a game's goals and become an expert or ‘god,' the prices are often higher to reflect that work. It's incredible that in just a few seconds something like a spaceship can be stolen and then sold to a third party,” Pontiroli added.

The promise of such profits is especially alluring to budding cyber-criminals, who can buy Steam Stealer on the black market for as little as $30 (£21) on a malware-as-a-service basis, the Kaspersky report explained.

These malware purchases even come with free upgrades, user manuals and other customer-friendly features. In contrast, many other malware solutions on the market start at $500 (£346) a pop, making Steam Stealer a bargain. 

Indeed, with stolen user credentials often going for $15 (£10) apiece on the black market, hackers can potentially get a return on their investment with just a couple sales of illegally obtained credentials. “Due to the worldwide infections and an average cost of basic victims' accounts, we believe the income for cyber-criminals is actually impressive,” Pontiroli told SC.

According to the Kaspersky, the malware is typically spread through malicious websites, as well as via social engineering tactics. Once downloaded, the malware steals everything necessary to control a user's account, including a comprehensive set of Steam configuration files, the specific Steam KeyValue file that contains a user's credentials and the information that maintains a user's session.

Containing traces of Russian language in its coding, the Steam Stealer malware family includes such trojan groups as Trojan.Downloader.Msil.Steamilik, Trojan.Msil.Steamilik and Trojan-psw.Msil.Steam. 

Russian and Eastern European gamers have been the hardest hit so far, but the malware has also notably targeted players in the US, Western Europe, India and Brazil, the report noted.