Threat Management, Incident Response, Malware, TDR

Steam Stealer malware attacks on gamers’ credentials gaining steam

Only in the world of online gaming can a real-life criminal hijack a “spaceship” and sell it for $1,000.

A new security report from Kaspersky Lab is shedding light on Steam Stealer, a growing family of malware that hackers are using to steal credentials for Valve Corporation's Steam online gaming platform, for eventual resale on the black market.

Kaspersky researcher Santiago Pontiroli and independent researcher “Bart P.” began a joint investigation into the malware about six months ago, looking to expose just how pervasive this cybercriminal phenomenon has become. What they found: almost 1,200 samples of different Steam Stealer malware, launching attacks on tens of thousands of users. The malware swipes not only credentials, but also premium gaming items—super weapons and powers that gamers earn by either leveling up or making online purchases. In an email interview with, Pontiroli said that in some instances, stolen gaming assets included “space shuttles or spaceships that sold for more than $1,000 per unit.”

“Since it can take a player years or an extreme amount of effort to achieve a game's goals and become an expert or ‘god,' the prices are often higher to reflect that work. It's incredible that in just a few seconds something like a spaceship can be stolen and then sold to a third party,” Pontiroli added.

The promise of such profits is especially alluring to budding cybercriminals, who can buy Steam Stealer on the black market for as little as $30 on a malware-as-a-service basis, the Kaspersky report explained.

These malware purchases even come with free upgrades, user manuals and other customer-friendly features. In contrast, many other malware solutions on the market start at $500 a pop, making Steam Stealer a bargain. Indeed, with stolen user credentials often going for $15 apiece on the black market, hackers can potentially get a return on their investment with just a couple sales of illegally obtained credentials. “Due to the worldwide infections and an average cost of basic victims' accounts, we believe the income for cybercriminals is actually impressive,” Pontiroli told

According to the Kaspersky, the malware is typically spread through malicious websites, as well as via social engineering tactics. Once downloaded, the malware steals everything necessary to control a user's account, including a comprehensive set of Steam configuration files, the specific Steam KeyValue file that contains a user's credentials, and the information that maintains a user's session.

Containing traces of Russian language in its coding, the Steam Stealer malware family includes such trojan groups as Trojan.Downloader.Msil.Steamilik, Trojan.Msil.Steamilik and Trojan-psw.Msil.Steam. Russian and Eastern European gamers have been the hardest hit so far, but the malware has also notably targeted players in the U.S., Western Europe, India and Brazil, the report noted.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.