“Business” owner leaves easy-to-find identity trail

Jan 5, 2015 09:52 GMT  ·  By

An individual in Australia is believed to be behind a new sample of malware that steals game items from the accounts of Steam users.

The malicious file does not differ much in purpose from other stealers that infect Steam accounts and spread to the victim's friends list via chat messages, but its detection rate is currently quite low, which reinforces the warning from security researchers not to run executable files delivered through profile comments or chat messages.

Full support provided for handling the malware functions

It can grab the Steam cookies and lets the operator specify the items to be stolen, and it spreads through comments left on profile pages or through chat messages sent to friends.

Security researcher Yonathan Klijnsma collected 14 active Steam stealers towards the end of 2014 and analyzed their code to better understand how they work. All of them share similar code and were created with the same tool.

SteamDouble.exe, one of the samples, stood out because of its smaller size: 69 KB, compared to the 259 KB of the rest.
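The triage described above (grouping samples that share builder-generated code and noticing the one whose size does not fit) can be reproduced with a small similarity script. The following is an added example written for this page, not Klijnsma's tooling and not code from the page or from the stealer itself; the sample bytes are constructed stand-ins (a shared "core" plus a per-sample configuration blob), and the 8-byte shingle size, the 0.5 Jaccard threshold and the "below half the cluster median" outlier rule are arbitrary choices for the demonstration.

```python
import hashlib
from itertools import combinations
from statistics import median

SHINGLE = 8        # byte-window length for similarity (arbitrary choice)
THRESHOLD = 0.5    # Jaccard similarity at which two files are put in one family

# Constructed stand-in "samples": a shared core imitating builder-generated code,
# followed by a per-sample configuration blob. None of this is real malware content.
COMMON_CORE = (
    b"steamcommunity.com/login/ steamLoginSecure sessionid "
    b"tradeoffer/new/?partner= /comment/Profile/post/ "
    b"friendsinventory itemid assetid classid instanceid "
) * 8

SAMPLES = {
    "stealerA.exe": COMMON_CORE + b"KEY=AAAA;" + b"\x00" * 400,
    "stealerB.exe": COMMON_CORE + b"KEY=BBBB;" + b"\x00" * 400,
    "stealerC.exe": COMMON_CORE + b"KEY=CCCC;" + b"\x00" * 400,
    # Same builder output, but much less of it: the small sample that stands out.
    "SteamDouble.exe": COMMON_CORE[: len(COMMON_CORE) // 2] + b"KEY=DDDD;",
    # A file from an unrelated codebase, which must not join the family.
    "unrelated.exe": b"MZ\x90\x00This program cannot be run in DOS mode.\r\n" * 20,
}


def shingles(data: bytes) -> set:
    """All overlapping SHINGLE-byte windows of a file, as a set."""
    return {data[i:i + SHINGLE] for i in range(len(data) - SHINGLE + 1)}


def jaccard(a: set, b: set) -> float:
    """Jaccard similarity of two shingle sets (1.0 = identical content)."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def similarity(samples: dict, x: str, y: str) -> float:
    return jaccard(shingles(samples[x]), shingles(samples[y]))


def cluster(samples: dict, threshold: float = THRESHOLD) -> list:
    """Union-find grouping: any pair at or above the threshold shares a cluster."""
    names = list(samples)
    sh = {n: shingles(samples[n]) for n in names}
    parent = {n: n for n in names}

    def find(n):
        while parent[n] != n:
            parent[n] = parent[parent[n]]   # path halving
            n = parent[n]
        return n

    for x, y in combinations(names, 2):
        if jaccard(sh[x], sh[y]) >= threshold:
            parent[find(x)] = find(y)

    groups = {}
    for n in names:
        groups.setdefault(find(n), []).append(n)
    # Largest cluster first; ties broken by first member name.
    return sorted(groups.values(), key=lambda g: (-len(g), g[0]))


def size_outliers(samples: dict, group: list) -> list:
    """Members well below the cluster's median size: the ones worth a closer look."""
    if len(group) < 3:
        return []
    med = median(len(samples[n]) for n in group)
    return [n for n in group if len(samples[n]) < med / 2]


def triage(samples: dict) -> list:
    """One report entry per cluster: members, truncated SHA-256, sizes, size outliers."""
    report = []
    for group in cluster(samples):
        report.append({
            "members": group,
            "sha256": {n: hashlib.sha256(samples[n]).hexdigest()[:16] for n in group},
            "sizes": {n: len(samples[n]) for n in group},
            "outliers": size_outliers(samples, group),
        })
    return report


if __name__ == "__main__":
    for entry in triage(SAMPLES):
        print(entry)
```

On real files, replace the constructed SAMPLES with the bytes read from disk; byte-window Jaccard is crude compared with fuzzy hashing or import/string comparison, but it is enough to separate builder output from unrelated binaries and to make the undersized member of a family visible.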

After analyzing the malicious file, Klijnsma found that it was built with Steam Stealer Extreme, a tool sold online by an individual in Australia who did a sloppy job of hiding his trail.

A screenshot of the builder's options is also available on the website, along with a detailed video presentation of the malware, posted on YouTube on December 28, 2014.

The administrator of the “business” also published purchase information; payment, unsurprisingly, is in bitcoin.

Identity trail found via email address

However, he also left contact details, namely an email address, which also appeared in several data leaks published on Pastebin, leading to more information about the individual.

By following that trail with nothing but Google's search engine, Klijnsma identified the Steam profile of the person behind Steam Stealer Extreme and determined that he is from Australia.

The researcher would not disclose further details about the individual's identity, but says that more information can easily be obtained, considering how much was found from his email address alone.

Images (4): Steam Stealer Extreme presentation; list of features for Steam Stealer Extreme; builder for Steam stealer malware; one more.