Security experts uncover Steam malware suspected of hijacking 77K accounts per month

Security experts have uncovered 'Steam Stealer' malware suspected of hijacking 77,000 Steam accounts per month.

Steam Stealer, discovered by Kaspersky researcher Santiago Pontiroli and independent researcher Bart P., has been observed in the wild in almost 1,200 instances.

Valve reports that almost 77,000 Steam accounts are stolen or compromised every month, and while some of their owners will be victims of social engineering and spear-phishing campaigns, Steam Stealer and its variants are now suspected to be behind the vast majority of these compromises.

The malware is believed to have been developed by Russian-speaking hackers and is sold for around 20 - much cheaper than the average malware package.

Supplied on a 'Malware-as-a-service' model, the packages contain detailed manuals and documentation and are designed to be easy to use.

Malicious packages are often distributed by fake web pages, or by direct messaging a Steam user and tricking them into opening a file with a malicious payload.

The software then exfiltrates their Steam config files and sifts through them to find the Steam KeyValue file - which contains login credentials - and the information maintaining a user's session.

Having gained control of the account, criminals can then flip the accounts for around 10 on the black market, giving the purchaser access to the original user's library of games and collectable inventory items.

The largest markets for compromised accounts appear to be in Russian and Eastern European territories, although instances have been observed worldwide.

"The gaming community has become a highly desirable target for cybercriminals," Pontiroli said. "There has been a clear evolution in the techniques used for infection and propagation, as well as the growing complexity of the malware itself, which has led to an increase in this type of activity."

Robust security solutions have been recommended as a good way to prevent cybercriminals from exploiting users' accounts, although Valve itself offers account protection services, in the form of its Steam Guard authentication tools.

Adam Shepherd
