{"id":11560,"date":"2016-03-15T06:00:35","date_gmt":"2016-03-15T10:00:35","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=11560"},"modified":"2020-02-26T18:59:41","modified_gmt":"2020-02-26T16:59:41","slug":"stealing-steam-accounts","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/stealing-steam-accounts\/11560\/","title":{"rendered":"Steam stealers: your account is their target"},"content":{"rendered":"<p>Hackers are attracted by any web-resource where large amounts of money changes hands, like moths to light. This is what happened with Steam and, according to Valve\u2019s <a href=\"http:\/\/store.steampowered.com\/news\/19618\/\" target=\"_blank\" rel=\"noopener nofollow\">own calculations<\/a>, 77,000 user accounts get hijacked and pillaged monthly.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2016\/03\/06022710\/Steam-Hack-FB.jpg\" rel=\"attachment wp-att-11567\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2016\/03\/06022710\/Steam-Hack-FB.jpg\" alt=\"Steam stealers: your account is their target\" width=\"1280\" height=\"1280\" class=\"aligncenter size-full wp-image-11567\"><\/a><\/p>\n<p>As Valve <a href=\"http:\/\/store.steampowered.com\/news\/19618\/\" target=\"_blank\" rel=\"noopener nofollow\">reveals<\/a>, these victims are not only new or naive users. Professional<span class=\"Apple-converted-space\">\u00a0 players, Reddit contributors and item traders have all fallen victim. Steam recognizes that hackers are doing real business by stealing accounts and virtual gaming property. Modern developments let cybercriminals wait for months before one particular malware sample or infection incident brings profit \u2014 there are so many of them, that the destiny of one piece is not critical. As a result, almost every Steam account is now a target.<\/span><\/p>\n<p>Kaspersky Lab has decided to conduct an investigation to understand how bad things are on the gaming market. It turns out, our GReAT experts have highly underestimated the fraud scale. And among all the other bad things, Steam Stealers malware has attracted our attention. Hopefully, this report will evolve into an ongoing investigation, bringing much-needed balance to the gaming ecosystem.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Enjoy your Steam: how criminals make money on gamers <a href=\"https:\/\/t.co\/n2i9Nt3tgV\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/n2i9Nt3tgV<\/a> <a href=\"https:\/\/t.co\/Ytaz37fxf0\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/Ytaz37fxf0<\/a><\/p>\n<p>\u2014 Eugene Kaspersky (@e_kaspersky) <a href=\"https:\/\/twitter.com\/e_kaspersky\/status\/699616126511271936?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 16, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3>Malware-as-a-service to steal the game<\/h3>\n<p>Basically the Steam Community works just like any other social network where users often interact with strangers, exchange messages or conduct trading of in-game assets. Steam is about games<span class=\"s2\">, and the games that you<span class=\"s2\"> have purchased are tied to your profile making it even more valuable. That\u2019s why phishing and spear-phishing attacks are in high demand among Steam-based cybercriminals, but those types of attack are just part of the story.<\/span><\/span><\/p>\n<p>A breed of malware called Steam Stealers has proved to be extremely profitable for hackers by pilfering Steam users all around the globe. Unfortunately, there is not a lone culprit or cybergang behind the attacks, but rather a legion of groups. We\u2019ve already observed <a href=\"https:\/\/www.kaspersky.co.za\/blog\/adwind-rat\/11252\/\" target=\"_blank\" rel=\"noopener\"><span class=\"s4\">a similar case<\/span><\/a>, where criminals <span class=\"s5\">were making money selling malware-as-a-service. This is where a criminal sells different versions of malware to their less experienced colleagues; providing them with distinct features, free upgrades, user manuals, custom advice for malware distribution, and more.<\/span><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Hi, <a href=\"https:\/\/twitter.com\/Steam_Support?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@Steam_Support<\/a> <a href=\"https:\/\/twitter.com\/steam_games?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@steam_games<\/a> <br>My items were stolen and the person is trying to rob me again right now. Need help. <a href=\"https:\/\/t.co\/ZoLQgLtRzv\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/ZoLQgLtRzv<\/a><\/p>\n<p>\u2014 Gui Dobri (@Guidobri) <a href=\"https:\/\/twitter.com\/Guidobri\/status\/706949160776437760?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 7, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>This kind of malicious software is very easy to use: roughly speaking. Even beginners can use it to enter the world of cybercrime, while an average developer could meet the challenges even better.<br>\nThe second reason that Steam Stealers are so popular is that they are cheap. While malware-as-a-service typically costs about $500 per sample, Steam Stealers are sold for as low as $3. Add $4 \u2014 and you\u2019ll get a complete user manual and the source code, so you can modify the malware yourself. Ok, that was a cheap one, but it\u2019s very hard to find stealers that cost more than 30.<\/p>\n<p>Another \u201cbonus\u201d offered at additional charge is a fake website creation. Cloning of a popular program or web-resource used by gamers is a very solid and profitable add-on to a malicious campaign that aims to steal users\u2019 credentials. For example, criminals can generate a fake copy of voice chats like <a href=\"https:\/\/www.teamspeak.com\/\" target=\"_blank\" rel=\"noopener nofollow\">TeamSpeak<\/a> or <a href=\"http:\/\/www.razerzone.com\/comms\" target=\"_blank\" rel=\"noopener nofollow\">RazerComms<\/a>, or popular image-sharing sites such as Lightshot or Imgur.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Take care and do not visit dangerous fake sites. Only \"<a href=\"https:\/\/t.co\/y7VDxMs9Fw\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/y7VDxMs9Fw<\/a>\" ist the original. <a href=\"https:\/\/t.co\/f37DMBolN9\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/f37DMBolN9<\/a><\/p>\n<p>\u2014 TeamSpeak (@teamspeak) <a href=\"https:\/\/twitter.com\/teamspeak\/status\/668691771082342400?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">November 23, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<h3>Old new ways to steal<\/h3>\n<p>Fake \u201cSteam Login\u201d software, which sends stolen credentials to culprits is currently one of the most popular malware types as well. In some versions it sends the much-needed Steam Guard configuration files as well. It\u2019s coded in Microsoft\u2019s flagship language, C# so many people know how to write add-ons for it.<\/p>\n<p>Criminals have learned the lesson of the tower of Babel. The entire source code of this malware is documented and available in the criminal\u2019s language of choice, increasing the likelihood of a successful attack. Distributing the malware and targeting different regions or specific countries can sometimes be done simply by targeting a particular game known to be popular in the region.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How G2A and other stolen Steam key marketplaces are enabling credit card fraud and hurting game developers:   \u2026 <a href=\"https:\/\/t.co\/Oj5ju81sIO\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Oj5ju81sIO<\/a><\/p>\n<p>\u2014 Starcraft Reddit (@RedditStarcraft) <a href=\"https:\/\/twitter.com\/RedditStarcraft\/status\/706925103146094594?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 7, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>For example, having an active Steam Stealing \u201cindustry\u201d in Russia and other parts of Russian-speaking Eastern Europe means that local residents are bound to find a stealer with a regionalized version in the Russian language. Steam platform is extremely popular in Russia, with Counter-Strike: Global Offensive as one of the most played games.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Gamers beware: modders are creating fake GTA5 mods \u2013 <a href=\"http:\/\/t.co\/GAW51O4XGq\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/GAW51O4XGq<\/a> <a href=\"http:\/\/t.co\/HsrHPEj84x\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/HsrHPEj84x<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/600569117607895041?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">May 19, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>During the investigation we also noticed that the old-known fraud methods were evolving: fake screenshots got better, duplicate sites improved, delivery methods became more diverse and bots got better in mimicking human behavior. Now it\u2019s clear: the number of threats specially tailored for stealing Steam property will only grow, as 2016 has only just begun. If you wish you can read more about our <a href=\"https:\/\/securelist.com\/blog\/research\/74137\/all-your-creds-are-belong-to-us\/\" target=\"_blank\" rel=\"noopener noreferrer\">research at Securelist.com<\/a>.<\/p>\n<h3>What Valve does to protect its users?<\/h3>\n<p>On the 2015 holiday season, Valve\u2019s digital distribution platform reached <a href=\"http:\/\/www.ign.com\/articles\/2016\/01\/03\/steam-surpasses-12-million-concurrent-users\" target=\"_blank\" rel=\"noopener nofollow\">an impressive milestone of 12 million concurrent users<\/a>. As you can see there are a lot of potential victims to attract even more greedy hackers to the Steam.<\/p>\n<p>Valve is rather concerned about the criminal business, that\u2019s blooming on its leading gaming platform. It is adding a lot of new security measures. The bad guys also continue to look for potential vulnerabilities and new loopholes. It\u2019s a continuous battle where the winner needs to always be one step ahead.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Valve Patches Password Reset Vulnerability in <a href=\"https:\/\/twitter.com\/hashtag\/Steam?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Steam<\/a>: <a href=\"https:\/\/t.co\/O64li0r03x\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/O64li0r03x<\/a> via <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@threatpost<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/gaming?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#gaming<\/a> <a href=\"http:\/\/t.co\/yM5LGOSab8\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/yM5LGOSab8<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/625736149269651456?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 27, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The problem is that Steam is designed for entertainment. This service will always have to balance between safety considerations and ease of use. Many gamers are not ready to sacrifice their comfort for the sake of security. So if the service doesn\u2019t win this battle for you, you\u2019ve got to take it in to your own hands.<\/p>\n<h3>I want to protect my Steam Account. What should I do?<\/h3>\n<ul>\n<li>Keep up with Steam\u2019s updates and new security features.<\/li>\n<li>Read about <a href=\"https:\/\/www.kaspersky.co.za\/blog\/steam-scam\/11317\/\" target=\"_blank\" rel=\"noopener\">the most widespread methods<\/a> of Steam fraud.<\/li>\n<li>Enable two-factor authentication via Steam Guard.<\/li>\n<li>Beware of phishing campaigns, which would likely send direct messages and use fake websites to fool you. And, yes, get familiar with what phishing is and <a href=\"https:\/\/www.kaspersky.co.za\/blog\/phishing-ten-tips\/10550\/\" target=\"_blank\" rel=\"noopener\"><span class=\"s4\">how to protect yourself<\/span><\/a>, if you haven\u2019t done that already.<\/li>\n<li>Always keep your <a href=\"https:\/\/www.kaspersky.com\/advert\/multi-device-security?redef=1&amp;THRU&amp;reseller=gl_KDpost_pro_ona_smm__onl_b2c_kasperskydaily_lnk____kismd___&amp;_ga=1.185358762.2011776415.1457523677\" target=\"_blank\" rel=\"noopener nofollow\">security solution<\/a> up to date and never disable it. Kaspersky Internet Security has a special <a href=\"http:\/\/support.kaspersky.com\/11215\" target=\"_blank\" rel=\"noopener\"><span class=\"s4\">Gaming Mode<\/span><\/a> \u2014 once the game is in full screen mode, the security solution won\u2019t perform any tasks that impact performance and won\u2019t interrupt you at all.<\/li>\n<\/ul>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Security<\/a> tips for <a href=\"https:\/\/twitter.com\/hashtag\/gamers?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#gamers<\/a>: <a href=\"https:\/\/t.co\/tBfI5TrvU5\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/tBfI5TrvU5<\/a> via <a href=\"https:\/\/twitter.com\/kaspersky?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@kaspersky<\/a>  <a href=\"https:\/\/twitter.com\/hashtag\/phishing?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#phishing<\/a> <a href=\"http:\/\/t.co\/wg79zP3jl1\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/wg79zP3jl1<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/553217134361604096?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 8, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>As you might know, criminals aim for numbers and if breaking you means too much trouble they would likely move on to the next target.<\/p>\n<p>You should also have a look at Steam\u2019s own security library and follow its recommendations. We highly recommend that you pay attention to these articles:<\/p>\n<ul>\n<li><a href=\"https:\/\/support.steampowered.com\/kb_article.php?ref=1266-OAFV-8478\" target=\"_blank\" rel=\"noopener nofollow\">Account security recommendations<\/a><\/li>\n<li><a href=\"https:\/\/steamcommunity.com\/actions\/ReportSuspiciousLogin\" target=\"_blank\" rel=\"noopener nofollow\">Account phishing<\/a><\/li>\n<li><a href=\"https:\/\/support.steampowered.com\/kb_article.php?ref=6633-TANM-9707\" target=\"_blank\" rel=\"noopener nofollow\">Items traded from stolen account<\/a><\/li>\n<li><a href=\"https:\/\/support.steampowered.com\/kb_article.php?ref=2347-QDFN-4366\" target=\"_blank\" rel=\"noopener nofollow\">Recovering a stolen or hijacked steam account<\/a><\/li>\n<li><a href=\"https:\/\/support.steampowered.com\/kb_article.php?ref=9958-MJDG-3003\" target=\"_blank\" rel=\"noopener nofollow\">Steam item restoration policy<\/a><\/li>\n<li><a href=\"https:\/\/support.steampowered.com\/kb_article.php?ref=6748-ETSG-5417\" target=\"_blank\" rel=\"noopener nofollow\">Steam trading and gifting Knowledge Base<\/a><\/li>\n<\/ul>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Security and Trading: Update<a href=\"https:\/\/t.co\/Huw6zcjbPH\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/Huw6zcjbPH<\/a><\/p>\n<p>\u2014 Steam Support (@Steam_Support) <a href=\"https:\/\/twitter.com\/Steam_Support\/status\/705024615811149825?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 2, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Criminals hijack 77,000 Steam accounts every month.<\/p>\n","protected":false},"author":522,"featured_media":11566,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2670],"tags":[93,1161,647,1456,36,442,363,732,164],"class_list":{"0":"post-11560","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-cybercriminals","10":"tag-finance","11":"tag-gamers","12":"tag-investigation","13":"tag-malware-2","14":"tag-online-gaming","15":"tag-personal-data","16":"tag-research","17":"tag-steam"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/stealing-steam-accounts\/11560\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/stealing-steam-accounts\/6859\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/stealing-steam-accounts\/6837\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/stealing-steam-accounts\/7941\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/stealing-steam-accounts\/7714\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/stealing-steam-accounts\/11239\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/stealing-steam-accounts\/11560\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/stealing-steam-accounts\/7240\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/stealing-steam-accounts\/10758\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/stealing-steam-accounts\/11239\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/stealing-steam-accounts\/11560\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/cybercriminals\/","name":"cybercriminals"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/11560","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/522"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=11560"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/11560\/revisions"}],"predecessor-version":[{"id":26672,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/11560\/revisions\/26672"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/11566"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=11560"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=11560"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=11560"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}