BloodyStealer – The New Malware That Targets Gaming Platforms

Laptop on a table with gaming joystick and Trojan horse icon
Click here for a summary of this article
Summary: BloodyStealer - The New Malware That Targets Gaming Platforms

Security experts have recently discovered a trojan that steals several kinds of information from an infected device. The trojan, known as BloodyStealer, can capture game-related logs, desktop environment information, browser passwords, and banking information.

BloodyStealer is being widely used to target online gaming platforms, such as Origin, Steam, Epic Games Store, and GOG. It steals user account information, which is then sold on the dark web. The trojan uses complicated anti-analysis and anti-detection techniques that allow it to operate in the background without users having any knowledge that their device is infected.

There are some basic steps you can take to protect yourself from BloodyStealer. These are:

  1. Avoid opening spam emails or clicking on suspicious links.
  2. Use different and strong passwords for your online accounts.
  3. Have a reliable antivirus scanner installed and update it regularly.
  4. Enable 2FA on your devices for an added layer of security.
  5. Keep your operating system and software updated.

Learn more about BloodyStealer and how you can detect and remove it by giving the rest of the article a quick read!

You’ve just wound down a Fortnite session and are going to close the Epic Games Store. But you realize that there are some purchases in your store library that you hadn’t made. You continue to notice such unauthorized activity on your gaming account, including bank transactions. After some time, you lose account access because the password’s been changed. You panic.

If you’ve been through something like this, there’s a good chance that you’ve fallen victim to BloodyStealer.

BloodyStealer, as the name suggests, is a stealer trojan that is capable of extracting personal data such as log-in information, browser passwords, cookies, and even bank card details from your device.

It was discovered by the team at Kaspersky Labs in early 2021 and has been widely used to target gaming accounts. Popular gaming services such as Steam, Origin, Ubisoft, and Epic Games are all vulnerable to the virus.

We’ve put together this guide on what BloodyStealer is and how you can protect yourself from it.

What Is BloodyStealer? How Does It Work?

BloodyStealer is a new kind of trojan that lets hackers obtain various kinds of personal and sensitive information from the victim’s device. Let’s quickly understand what a trojan virus is.

Trojan Horse ComputerA trojan is basically malware that spreads by posing as a legitimate application or file. Users are tricked into downloading the infected files onto their devices because they seem genuine. Once downloaded, the trojan spreads and infects the entire file system. It allows the hacker to obtain valuable information and even remotely control the device.

BloodyStealer is a trojan created specifically to steal data such as cookies, passwords, banking information, screenshots, and app activity from your device. Thereafter, the collected data is sent to the hacker using Telegram or other encrypted communication platforms. All of this happens in the background, so you probably won’t even come to know that your device has been infected.

Its ability to obtain sensitive data and session information makes it a popular choice for targeting online gaming accounts. Hackers use it for grabbing information related to login credentials, browser passwords, and other game-related logs. Stolen accounts sell for a fraction of a genuine account’s price and are in high demand on the dark web.

BloodyStealer malware attacks have been detected in locations across the globe. Europe, Latin America, and the Asia-Pacific region have been particularly hard hit.

What makes BloodyStealer unique?

The BloodyStealer trojan is a pretty advanced information stealer. It has a few interesting capabilities that make it unique and also popular with hackers.

  1. The malware uses several anti-analysis methods which make it difficult for cybersecurity experts to identify it in the file system.
  2. It is also difficult to reverse engineer, as it uses packers and anti-debugging techniques, which again complicates malware analysis.
  3. Typical antivirus programs usually can’t detect BloodyStealer in the file system. Hence, it can continue to record data for weeks before it’s discovered.
  4. It can steal session information from online gaming platforms like Steam, Epic Games, GOG, Battle.net, and the Bethesda Launcher.
  5. The malware is available for a relatively cheap price. A month-long subscription costs around $10 on the underground market. A lifetime subscription is even cheaper at $40.

How Does BloodyStealer Infect the File System?

BloodyStealer makes use of attacks vectors that are commonly used by trojans to enter a device. The most common method is spam emails. Such emails are usually created to appear very similar to genuine emails you might receive from delivery companies or banks. An unsuspecting user might download mail attachments that contain the malware.

Fake applications are another vector through which BloodyStealer spreads. These include keygens, cheat engines, and activators. This is an effective way of spreading the malware as users usually turn off their antivirus when using a keygen or cheat engine.

Twitch and Discord, which are streaming, and communication platforms used by gamers, are also used to spread Bloody Stealer. Users receive messages containing links from bots or fake accounts. These messages relate to game updates or additional features.

However, there are a few ways to detect and remove a BloodyStealer infection from your devices.

How to Detect and Remove a BloodyStealer Infection

BloodyStealer operates in a very clandestine manner and can be difficult for the average user to detect. Luckily, the top antivirus providers have been able to identify its signature and put out patches to deal with it. Leading antivirus scanners have assigned the following detection names for BloodyStealer:

Antivirus ProgramDetection Name
Windows DefenderTrojan: Win32/Wacatac.B!ml
KasperskyHEUR: Trojan-Spy.MSIL.Stealer.gen
BitDefenderGen: Variant.Bulz.412085
KasperskyGen: Variant.Bulz.412085 (B)

If this detection name pops up after a scan, you can be sure that BloodyStealer has infected your device. Immediately quarantine or delete the infected files to prevent further damage.

However, there may be occasions when antivirus is unable to detect BloodyStealer. Check the background processes tab in Task Manager (Crtl + Shift + Esc) to be doubly sure that no unfamiliar processes are running.

How to Prevent a BloodyStealer Attack

As the old adage goes, prevention is always better than cure. That is certainly the case when it comes to BloodyStealer. So how exactly does one prevent their computers from being infected with BloodyStealer? Well, it mostly requires common sense and basic web hygiene. Or you could just follow this list we’ve put together:

Infographic showing how to prevent a BloodyStealer malware attack

  1. Do not open suspicious emails or click on dubious website links. Check out our article on phishing for some more tips on making your inbox spam-free.
  2.  Be wary of messages you receive in the game chat on gaming platforms. If they are from someone you don’t know, don’t open them.
  3. Use different passwords for different gaming platforms and social media apps. A password manager is a useful tool to set strong and diversified passwords.
  4. Have a reliable security solution installed on all your devices. Kaspersky ranks highly among antivirus scanners we’ve tested. It’s one of the few antivirus scanners that can work around BloodyStealer’s efficient anti-detection techniques.
  5. Enable two-factor authentication for your accounts on gaming platforms like EA Origin and Steam. This adds an extra layer of security and makes hacking far more difficult.
  6. Keep your operating system, browser, and other applications updated. Developers are regularly releasing patches to protect against vulnerabilities that trojans exploit.

Conclusion

BloodyStealer, like all other trojans, preys on errors in judgment by users. It exploits the fact that most users have a hard time distinguishing between genuine and fake emails, messages, and software. So, the best way to avoid a BloodyStealer infection is to be skeptical of most unsolicited mails and messages.

Also, stick to reliable sources for your downloads. If you suspect that your device is infected, install a reliable antivirus and do a complete scan.

BloodyStealer: Frequently Asked Questions

A trojan like BloodyStealer throws up several questions and concerns for most readers. We answer some of the most frequently asked questions in the section below:

BloodyStealer is a trojan virus capable of collecting various kinds of personal information and data. It can capture browser passwords, login information, game-related logs and session information. This makes it an ideal tool to target accounts on online gaming platforms like Steam, Epic Games, EA Origin and GOG.

Our guide on BloodyStealer provides more information on the virus and explains how you can prevent it.

Trojan viruses spread by posing as legitimates links, messages or software that users click on or download. Once they’ve infected the device, trojans can send personal information and data and even enable the hacker to remotely control your device.

Check out our guide for more information on the different kinds of trojan viruses and what you can do to prevent infections.

BloodyStealer operates in a very clandestine manner and is often hard to detect manually. Users should keep an eye out for any suspicious or unauthorized activity on their gaming and social media accounts as well as their banks and credit cards.

It’s also important to have a reliable antivirus scanner installed. Users should keep it updated and run regular scans to detect a BloodyStealer infection.

Tech journalist
Mohit is a legal and public policy researcher whose work focuses largely on technology regulation. At VPNOverview, he writes about cybersecurity, cryptocurrencies and sports events.