Security Advisor

Ramnit Financial Malware Now Aimed at Steam Gamers

A variant of the popular "money in the bank" malware is now targeting the largest online game distributor.

A variant of the Ramnit financial malware that uses local HTML Web browser injections is targeting the popular digital PC game retailer Steam to snag users' login credentials.

While many may see this and fear that their Team Fortress 2 hats may be stolen or their DOTA 2 ranking may drop due to an inferiorly skilled gaming hacker, security firm Trusteer says the goal of the malware is to snag credit card numbers (along with user names and passwords) entered  by Steam users. And, the malware does this without switching any Steam alarms.

"In fact, some security solutions detect MitB [money in the bank] malware by looking for forms with injected elements," said Etay Maor, a security expert at Trusteer in a blog post.  "For example, if a form with a username and password is filled out by the user and sent to the website, the security product will scan to look for unknown elements that may indicate HTML injection malware."

This new Ramnit variant, which originally appeared in 2010, gets around this by removing the injection code before data is collected, which allows the attackers to get around the encryption used for the log-in form fields. Along with avoiding detection, it also allows the attackers to steal data that's already indexed -- no need to wade through what's a username and what's a password, it's already clearly displayed.

While Maor did say this isn't the first time the large online gaming distributor and its 54 million active users (50 percent of the entire digital PC gaming market) have been targeted -- mostly by phishing and other credential-stealing malware -- this is one of the more sophisticated attacks spotted in the wild towards Steam.

I've been a Steam user for years now and have been no stranger to phishing attack attempts sent through the client's built-in chat windows or through fraudulent e-mails that have been pretty easy to spot. However, the sophistication of this attack is due to the fact that the log-in and checkout screens are left unaltered -- how could you spot that the information field boxes won't encrypt and securely send your data to Steam?

You can't. But you shouldn't have to if you're keeping up-to-date with malware detection software.

Maor warns that this isn't the first non-banking corporation to be threatened by a Ramnit variant -- Trustee has seen an uptick in MitB malware attacks being repurposed to attack hospitality, dating, eCommerce and travel sites.

For a gaming industry that raked in over $78 billion last year and is expected to hit the $82 billion mark by the end of 2017, it's becoming just as juicy of a target as large financial corporations.

Have you ever been duped by any phishing or malware attacks in the world of virtual games? Share your stories with us in the comments below.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.


comments powered by Disqus

Subscribe on YouTube