Boom in Steam account hijacking is due to cheap Steam Stealers

With over 125 million active users, Valve’s Steam is the most popular online gaming platform in the world and, consequently, forms a huge pool of targets for cyber crooks and scammers. After all, Steam accounts contain users’ personal and payment info, as well as offer the opportunity to earn money by trading away items users have accumulated.

“Account theft has been around since Steam began, but with the introduction of Steam Trading, the problem has increased twenty-fold as the number one complaint from our users,” Valve noted last December. According to the company’s own statistics, some 77,000 user accounts get hijacked every month.

Valve has implemented and continues to come up with new protective measures to prevent account credential theft, account hijackings and consequent fraudulent trades, but the number of criminals targeting Steam users is continually rising.

This steady increase is fueled, in part, by the Malware-as-a-Service approach taken by many Steam Stealer malware authors, security researchers Santiago Pontiroli and Bart P explained in a recently published whitepaper.

Thanks to malicious source code leaked on a Russian underground forum, malware developers have created many different strains of malware geared towards stealing Steam account credentials.

Many of these authors have opted against using their own malware, and have instead been offering it for use to other criminals. But, unlike what happened in the market for other types of malware (ransomware, banking Trojans), Steam Stealer packages are being sold cheaply: $15 is a starting price, and rarely goes beyond $30 for packages with more features, user manuals, upgrades.

These low prices attracted droves of script-kiddies and technically-challenged individuals who decided this type of operation is within their technical and financial capabilities.

“Every step of the process, from the initial malware distribution to obtaining a profit after the infection is completed, is documented in one of several guides available online (at a cost, of course). In this business model everything has a price and every individual goes above and beyond to make their offer more attractive to potential customers,” the researchers noted.

“With Steam Stealers, a ludicrously low price is usually asked of wannabe criminals for the use of the malware. For an extra cost, the full source code and a user manual is included in the package, making this scheme laughable and terrifying at the same time.”

Steam Stealers have evolved during the years. New and improved methods of hosting the malware, making it more difficult to spot and to analyze, and capable of bypassing Valve’s protections have been introduced bit by bit.

The latest preferred approaches are using fake Chrome extensions or JavaScript, scamming via gambling websites, fake gambling sites and deposit bots, using RATs to improve effectiveness, and AutoIT wrappers to make analysis and detection harder.

Inventory and trading scams are also often aimed at Steam users and popular with crooks.

While Valve and the security community continues to fight these threats, users can also do their bit to protect themselves.

“In terms of preventive measures, we recommend users familiarize themselves with Steam’s updates and new security features, and enable two-factor authentication via Steam Guard as a bare minimum,” the researchers advised.

“Bear in mind that propagation is mainly (but not solely) done either via fake cloned websites distributing the malware, or through a social engineering approach with direct messages to the victim. Always have your security solution up to date and never disable it; most products nowadays have a ‘gaming mode’ which will let you enjoy your games without getting any notifications until you are done playing.”

“Remember that cybercriminals aim for numbers and if it’s too much trouble they’ll move on to the next target,” they concluded.