As per its official blog post, BloodyStealer was discovered to have mainly affected PCs belonging to gamers and were lodged within the major gaming platforms, including Steam, Epic Games, Origin, GOG, and Bethesda. The antivirus company says that while the malware is still relatively new, it has already found victims within Europe, Latin America, and the Asia Pacific region. Worst still, the trojan is allegedly being sold on the underground market to threat actors as part of a malware-as-a-service (MaaS) distribution model, at a price of US$40 (~RM167) for a “lifetime license”. As for what it steals, the “official” advertisement for BloodyStealer states that it steals, passwords, cookies, bank card details, gaming account details, device data, screenshots, and even logs, the last item being of particularly popular demand. Games as well are not safe from the malware, with many games stolen with the trojan can be seen being sold on the dark web, and at less than US$1 (~RM4.18) in most situations.
To avoid becoming a victim of BloodyStealer, Kaspersky is preaching that people deploy what it calls “common sense” measures: strong passwords, 2-factor authentication (2FA), downloading apps from trusted sources, and simply not clicking on links provided by strangers in emails, or even those sordid links that are usually passed on by unknown numbers via messaging apps. For gamers, it also has a guide on how to maximise the security settings for all gaming platforms. (Source: Kaspersky)