Steam Game steals $150,000

About this video

• Video Title: Steam Game steals $150,000
• Channel: PC Security Channel
• Speakers: Leo (implied, based on ending)
• Duration: 00:09:13

Overview

This video discusses how a Steam game called "Block Blasters" was used to distribute stealer malware, which stole approximately $150,000 from victims' crypto wallets and compromised their accounts. The video explains the malware's multi-stage infection process, its use of Telegram for command and control, and how attackers were tracked down. It also highlights the ease with which such malware can be created and distributed, warning viewers to be cautious about links to games, even on official platforms, and the importance of monitoring the dark web for compromised data.

Key takeaways

• Malware Distribution via Steam: The game "Block Blasters" on Steam was found to be downloading stealer malware disguised as a patch, leading to significant financial losses.
• Financial Impact: Victims lost around $150,000 due to the malware stealing funds from their cryptocurrency wallets.
• Attacker Tracking: The attackers were identified and their infrastructure exposed due to their use of Telegram for command and control, allowing for reverse engineering of the malware.
• Ease of Malware Creation: Modern stealer malware is relatively easy to set up using tools like Discord or Telegram webhooks, allowing attackers to steal data and disappear with minimal infrastructure.
• Multi-stage Infection: The malware employs a multi-stage process, starting with a BAT file, then a VBS script, and finally executing the main payload, often hidden within a password-protected archive to evade antivirus detection.
• Targeting Browsers: The stealer payload targets data from browsers like Chrome, Brave, and Edge, stealing cookies and login information to compromise accounts and spread further.
• Dark Web Monitoring: The video emphasizes the prevalence of stolen credentials and infected device logs being sold on the dark web, and suggests using services like Flare to monitor for personal information exposure.
• Platform Vulnerabilities: Major platforms like Steam and YouTube lack extensive human verification, making them susceptible to malware distribution.