Over the past decade, Steam has become the go-to storefront for many PC gamers looking to expand their libraries. However, with its massive user base, the service has become a target for criminals — and new information from Kaspersky suggests that the tools these wrongdoers are using are becoming more sophisticated.
A new piece of malware, thought to originate in Russia, is being implemented to gain unlawful access to Steam accounts, according to a report from Hexus. Various different versions of this “Steam stealer” exploit are being shopped around the dark corners of the Internet, with prices apparently starting at around $30.
The malware uses two main forms of attack to target users. It can be distributed via fake websites purporting to be legitimate, or through instant messages sent via Steam infrastructure — the latter being a method that’s plagued the service for some time, and has prompted Valve to encourage vigilance among users.
Once the malware finds its target, it steals a set of Steam configuration files, including login data. With that in hand, the entity responsible can access the user’s account, at which point they could potentially cause havoc by rifling through the contents of their inventory or simply making unauthorized purchases.
Kaspersky reports that more than 1,200 samples of different Steam stealer tools have been recorded internationally. The United States, Russia, France, Germany, India, and Brazil are the regions that are being affected most heavily affected by these attacks at this time.
From a user standpoint, the best practices you can employ to steer clear of these attacks are to keep your security software up to date, to be careful on unfamiliar websites, and to treat correspondence from unknown users on Steam with suspicion. Taking advantage of Steam’s two-factor authentication functionality is also recommended.
- Google will warn businesses if state-sponsored hackers target G Suite users
- Google’s Titan Key ensures your phone and apps are virtually unhackable
- Google to shut down Google+ after exposure of 500,000 users’ data
- Hacked Chrome extension disguised as legitimate version steals logins
- Attacker stole user data from Reddit through employee accounts