A new piece of malware, thought to originate in Russia, is being implemented to gain unlawful access to Steam accounts, according to a report from Hexus. Various different versions of this “Steam stealer” exploit are being shopped around the dark corners of the Internet, with prices apparently starting at around $30.
The malware uses two main forms of attack to target users. It can be distributed via fake websites purporting to be legitimate, or through instant messages sent via Steam infrastructure — the latter being a method that’s plagued the service for some time, and has prompted Valve to encourage vigilance among users.
Once the malware finds its target, it steals a set of Steam configuration files, including login data. With that in hand, the entity responsible can access the user’s account, at which point they could potentially cause havoc by rifling through the contents of their inventory or simply making unauthorized purchases.
Kaspersky reports that more than 1,200 samples of different Steam stealer tools have been recorded internationally. The United States, Russia, France, Germany, India, and Brazil are the regions that are being affected most heavily affected by these attacks at this time.
From a user standpoint, the best practices you can employ to steer clear of these attacks are to keep your security software up to date, to be careful on unfamiliar websites, and to treat correspondence from unknown users on Steam with suspicion. Taking advantage of Steam’s two-factor authentication functionality is also recommended.
