Techaeris has written in the past about a Steam hack that can drain wallets faster than our own spending. It’s a real threat that we shouldn’t ignore. International Business Times reports, “Cybercriminals might be paying more for your Steam password than you spend on games.” Steam, itself says, “We see around 77,000 accounts hijacked and pillaged each month.” That may not sound like much, when you think in terms of millions of users. But that adds up to just shy of a million accounts in a year. Kaspersky has an interesting insight:
Steam Stealer works in a malware-as-a-service business model: it is available for sale in different versions, with distinct features, free upgrades, user manuals, custom advice for distribution, and more. When it comes to these types of malicious campaigns the usual starting price for “solutions” is in the range of $500 USD. However, Steam Stealers have a ludicrously low price, being commonly sold for no more than $30 USD. This makes the malware highly attractive for wannabe cybercriminals all around the world.
Kaspersky also shares how it’s done:
The propagation of Steam Stealers is mainly, but not solely, done either via fake cloned websites distributing the malware, or through a social engineering approach, where the victim is targeted with direct messages.
Once the malware is in the user’s system it steals the entire set of Steam configuration files. Once this is done it locates the specific Steam KeyValue file that contains user credentials, as well as the information that maintains a user’s session. When cybercriminals have obtained this information, they can control the user’s account.
Game hacking used to be script kiddie territory. Kaspersky suggests that cyber-criminals have awakened to the real value of gaming accounts. Which means that, in the future, Steam may not be the only game hacked. But Kaspersky also shares how to stay relatively safe:
To stay safe, users need an up-to-date security solution so they can enjoy their favourite games without the fear of being exploited. Most security products have a “gaming mode”, so that users can enjoy their games without getting any notifications until the end of their session. In a bid to help its own users stay safe, Steam also offers several security measures to protect accounts and increase the difficulty for hijacking mechanisms.
It is possible to game and still be worry free. But be diligent.