Online game libraries are a great way to game no matter where you are but it does mean that you need to keep your account secure to prevent unauthorized access. All it takes is for a hacker to learn your username and password, and you've got an urgent customer support ticket on your hands at the absolute best.
Now, a particularly nasty virus called "BloodyStealer" is making the rounds that aim to steal your video game accounts. So, let's explore what this threat does and how to avoid it.
What Is BloodyStealer?
Kaspersky broke down how BloodyStealer works in a blog post, and by the looks of its analysis of the malware, it's a nasty package that all gamers need to take care not to download.
BloodyStealer is what's called "malware-as-a-service." This service is when malware developers sell their wares on the black market for others to use for their nefarious purposes. And because it was priced low at $ 10/month or $ 40 for life, anyone could download and use the tool.
The BloodyStealer malware uses multiple attack methods, but gamers need to take care of its ability to steal login credentials for online game library apps, such as Steam, Origin, and Good Old Games. It does this by hijacking a session and stealing the credentials as they're sent over.
If the account holder then does not have further login protection, the hacker has full access to the victim's account. And because your games are tied to the account, they get instant access to every game you've ever bought on it.
That's not all that BloodyStealer can do. Kaspersky lists passwords, device data, and screenshot-taking as part of the malware's arsenal, meaning it can steal more than just your games.
Why Do Scammers Want Game Accounts?
BloodyStealer has already had devastating effects on gamer's accounts. One BloodyStealer user reported a haul of 100,856 Steam accounts, 94,471 Epic accounts, and 46,244 Rockstar Games accounts, to name a few.
But why does a scammer want so many accounts? If someone got their hand on one, or 10, or even a 100 accounts, they'd have all the games they'd ever need. But over 100,000? Why so many?
As it happens, there is a second way that hackers can make use of game accounts. The black market is a hub for selling other people's accounts, and video game-related ones are no different. As such, a successful hacker can make a considerable profit by selling other people's libraries to interested buyers.
In fact, the user we mentioned above was listing accounts because they wanted to sell them on the black market. They advertised 280,000 accounts total and were selling the lot for $ 4000, a low price given the sheer number of games on all those accounts.
How to Stay Safe From BloodyStealer
BloodyStealer can steal your credentials, but it needs to get on your PC first to do anything. As such, continue practicing good habits such as only downloading files from official sources, not clicking suspicious links, and being wary of emails from outside sources.
However, there is a way to create an ironclad defense versus this kind of attack. BloodyStealer steals your username and password, but it cannot steal any two-factor authentication (2FA) you have set up.
If BloodyStealer does manage to steal a 2FA password, it won't do a great deal. That's because 2FA passwords are one-time use and only last a few seconds, so by the time the password lands in the hacker's hands, it's already expired.
As such, be sure to set up 2FA on all of your gaming accounts. Some platforms have their own built-in systems, like Steam Guard. Others accept third-party 2FA authenticators that you can enter a code into and enjoy the protection they provide.
Of course, this does mean you should use 2FA locks on your game library accounts to protect your hoard. However, games that don't live in a library may still have their own 2FA system you can use to protect yourself. Some of these games even give you free items if you add an authenticator to your account!
Staying Safe From BloodyStealer
While BloodyStealer can pose a massive security threat, there are ways to protect yourself from it. Now you know how to keep your gaming accounts from prying eyes.