Cybercriminals might be paying more for your Steam password than you spend on games. Security researchers have uncovered a new form of malicious software that makes it possible for attackers to steal a Steam user's log-in credentials, credit card information and access to their content on the gaming network.
Hackers break into about 77,000 Steam user accounts every month, researchers at Kaspersky Labs revealed Tuesday, thanks to a form of malware known as “Steam Stealer.” Steam, owned by Valve Corp., is an Internet-based video game distribution network that offers multiplayer gaming and social media interaction. The 140 million members make purchases with a credit card number and may reveal additional information about themselves in their dealings with other players.
But the new research from Kaspersky makes it clear that hacking Steam has become so routine that it's offered as an on-demand service on dark net forums. Hijacked credentials can go for $15 on the black market, and the Steam Stealer malware has been spotted in action more than 1,200 times. The prevalence of the malware also makes it accessible to those without the technical know-how usually required to launch profitable cyberattacks.
“One of the reasons behind the growth of specific malware targeting gamers has been the simplicity behind its operation and the ubiquity of its offering,” researcher Santiago Pontiroli wrote in an explanation. “The focus on selling stealers to anyone with money to spend means that a staggering number of script kiddies and technically challenged individuals resort to this type of threat as their malware of choice to enter the cybercrime scene.”