Modern Internet threats for players - Trojans and ransomware

According to a study conducted by Doctor Web, Internet users underestimate the scale of the threats they face every day on the global network. Malware and cybercriminals attack from all sides, yet only 15 percent of respondents are aware that they may become victims of a hacker attack or a drive-by download attack. In turn, only a third of respondents believe that modern malware is not a threat to them, and the vast majority think that cybercriminals and online fraudsters are not interested in their personal data. Are you sure?

The survey was conducted among gamers, that is, among people who would seem to encounter viruses either personally or only on news portals. What's more, there is still a large group of gamers who take an unreasonable approach to threats and do not install antivirus software because they believe that antivirus programs slow down the computer.

What data are the cybercriminals interested in?

Anything they can make money from. They are interested in logins and passwords for online game accounts, access data for the Steam platform, high-level characters, purchased weapons, armor or additional skills. The more information they steal, the more they can earn from it, and the prices of such data range from a dozen to several hundred dollars.



How is the data stolen?

With the help of malicious software, usually a Trojan horse with keylogging and spyware functions. One such Trojan is Trojan.SteamLogger.1, detected by Dr. Web, which is designed to steal valuable game resources such as tools and artifacts, as well as data from Steam accounts. SteamLogger targeted games such as Dota 2, Counter-Strike: Global Offensive, and Team Fortress 2.

The SteamLogger Trojan consists of three modules: a dropper, which decrypts and extracts the two other modules. One of them loads into RAM. The other downloads graphics from the attacker's FTP server, saves them to the temporary directory and displays them on the user's screen as enticing offers to sell or buy various items. Of course, after clicking, the victim is directed to a fake page that collects logins, passwords and other information.

The SteamLogger Trojan can steal users' items from Dota 2, Counter-Strike: Global Offensive and Team Fortress 2. Additionally, it records the sequence of keys pressed and passes this information to the criminals.

After running all modules, the Trojan checks whether the user is logged in to their Steam account. If not, the malicious program waits until the user authenticates to the server, then extracts information from the Steam profile and transfers it to the attacker. If automatic authorization is disabled in the Steam settings, the malware launches the keylogger and logs all keystrokes, which are sent to the attacker at 15-second intervals.
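The fixed 15-second upload interval described above is a usable detection signal. As an added example (not from the original article or from Dr. Web), the following Python code flags processes whose outbound connections to one destination recur at a near-constant 15-second period; the log format, process names and addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: "ISO-timestamp process destination:port" per outbound connection.
SAMPLE_LOG = """\
2024-01-01T12:00:00 steam.exe 203.0.113.10:443
2024-01-01T12:00:01 browser.exe 192.0.2.44:443
2024-01-01T12:00:03 updater.exe 198.51.100.7:80
2024-01-01T12:00:05 steam.exe 203.0.113.10:443
2024-01-01T12:00:18 updater.exe 198.51.100.7:80
2024-01-01T12:00:33 updater.exe 198.51.100.7:80
2024-01-01T12:00:40 steam.exe 203.0.113.10:443
2024-01-01T12:00:49 updater.exe 198.51.100.7:80
not-a-timestamp broken.exe 192.0.2.1:80
2024-01-01T12:01:03 updater.exe 198.51.100.7:80
2024-01-01T12:01:10 steam.exe 203.0.113.10:443
2024-01-01T12:01:18 updater.exe 198.51.100.7:80
2024-01-01T12:02:30 steam.exe 203.0.113.10:443
"""


def find_beacons(log_text, period=15.0, tolerance=2.0, min_events=5):
    """Return sorted (process, destination) pairs that connect every ~period seconds."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparsable timestamp
        seen[(parts[1], parts[2])].append(ts)
    hits = []
    for key, times in seen.items():
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mid = median(gaps)
        # Beacon: median gap near the period and at least 80% of gaps near the median.
        steady = sum(abs(g - mid) <= tolerance for g in gaps) / len(gaps)
        if abs(mid - period) <= tolerance and steady >= 0.8:
            hits.append(key)
    return sorted(hits)


if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

Irregular traffic such as the constructed steam.exe entries is ignored because its gaps vary widely, while the evenly spaced updater.exe connections are reported.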

What do cybercriminals gain?

Of course, real money - from the sale of accounts and stolen gaming items. Hijacked account access data can later be used for phishing attacks on other users. Criminals pretending to be the victim can easily send other users and the victim's friends fake messages about a game developer's promotion - leading, of course, to a malicious website that is used to collect the access data of further innocent victims or to spread malicious software.

Speaking of gamers, we must also mention a virus that is wreaking havoc among this group of users: it not only encrypts popular files on the disk but, above all, was written to encrypt the files that record progress in computer games.

You can read more about the threat of TeslaCrypt in the article titled "TeslaCrypt 2.0 - a new threat for players".


