Kaspersky reviews password stealers that target gaming
Password stealers are a type of Trojan malware, designed to steal account data – from gaming session tokens or login details, to nearly any information saved on a computer. This can include cookie files, login credentials and passwords saved on a browser, along with a lot more. In some instances, stealing gaming details is just one of the malware’s functions, and online banking passwords are also of interest. During this period of remote working and social distancing, it is understandable and logical for many people to turn to their devices for entertainment. Acknowledging that this may also inspire cybercriminals to carry out attacks, Kaspersky analyzed the password stealer landscape to see how vulnerable users could be. Threat analysis presented four malware families—Kpot, BetaBot, Okasidis and Thief Stealer, which all carry an interesting Trojan specimen. For instance, Kpot Trojan can steal cookie files, accounts from various messengers, and one of the gaming platform’s session tokens. By obtaining session token data, cybercriminals do not get access to the user’s login and password details, however, they can quickly resell all valuable in-game attributes. Other Trojan specimens, such as Okasidis and Thief Stealer, focus on stealing specific files from game-related folders on the infected computer. Trojan stealers can also retrieve browser data. For example, BetaBot targets a number of popular gaming platforms in the following way: if a user visits a URL, which contains specific keywords, the malware turns on data gathering on these pages. This allows logins and passwords entered on the page to fall into criminals’ hands. What is particularly interesting regarding all the observed Trojans, is that they are virtually unnoticeable to users. In all cases, the Trojans are not visible to the user as they do not demand any extra permissions or send fake alerts—they just quietly steal data. It is important to note that these Trojans do not exploit any platform vulnerabilities, as they purely focus on gathering data from an infected device.