Gaming is not just a good business for developers and manufacturers, but is also quite viable for cybercriminals. Steam Stealer malware is constantly evolving and its goal is to steal online gaming credentials and sell them on the black market.
In an industry worth over an estimated hundred billion US dollars, gaming is not just big business for developers and manufacturers, but for cybercriminals too. Steam Stealer is a constantly evolving breed of malware that is responsible for hijacking the user accounts of the popular gaming platform, Steam. The malware’s goal is to steal online gaming items and user account credentials, and then resell them on the black market. It is distributed to cybercriminals under a malware-as-a-service business model with an extremely low entry price of up to $30 USD.
Steam is one of the most popular entertainment multi-OS distribution platforms. Owned by Valve, it has over 100 million registered users and several thousand games available for download worldwide. Its popularity makes it a large and attractive target for fraudster groups, who can sell Steam user credentials for $15 USD on the black market. According to recently published official Steam data, 77,000 Steam accounts are hijacked and pillaged every month.
According to Kaspersky Lab researcher, Santiago Pontiroli, and his independent research colleague Bart P., a new breed of malware known as Steam Stealer is the prime suspect in the pilfering of numerous user accounts from Valve’s flagship platform. The duo believes the malware was originally developed by Russian-speaking cybercriminals; they have found many language traces in several underground malware forums to suggest this.
Steam Stealer works in a malware-as-a-service business model: it is available for sale in different versions, with distinct features, free upgrades, user manuals, custom advice for distribution, and more. When it comes to these types of malicious campaigns the usual starting price for “solutions” is in the range of $500 USD. However, Steam Stealers have a ludicrously low price, being commonly sold for no more than $30 USD. This makes the malware highly attractive for ‘wannabe’ cybercriminals all around the world.
The propagation of Steam Stealers is mainly, but not solely, done either via fake cloned websites distributing the malware, or through a social engineering approach, where the victim is targeted with direct messages.
Once the malware is in the user’s system it steals the entire set of Steam configuration files. Once this is done it locates the specific Steam KeyValue file that contains user credentials, as well as the information that maintains a user’s session. When cybercriminals have obtained this information, they can control the user’s account.
Stealing gamer accounts was once a resource-light way for script kiddies to make a quick profit, by selling them on underground forums. Now however, criminals have realised the true market value of these accounts. The opportunities now lie in stealing and selling user gaming items that may be worth thousands of dollars. Organised cybercriminals simply don’t want to leave that money on the table.
Kaspersky Lab experts have discovered nearly 1200 samples of different Steam Stealers that have been attacking tens of thousands of users around the world, especially in Russia and other Eastern European countries, where Steam’s platform is extremely popular.
“The gaming community has become a highly desirable target for cybercriminals. There has been a clear evolution in the techniques used for infection and propagation, as well as the growing complexity of the malware itself, which has led to an increase in this type of activity. With gaming consoles adding more powerful components and the Internet of Things on our doorstep, this scenario looks like one that will continue to play out and become more complex. At Kaspersky Lab, we hope that our research will develop into an ongoing investigation, bringing a much-needed balance to the gaming ecosystem. Security should not be something developers think about afterwards but at an early stage of the game development process. We believe that cross-industry cooperation can help to improve this situation,” comments Santiago Pontiroli, Global Research & Analysis Team, Kaspersky Lab.
Kaspersky Lab detects Steam Stealers trojan groups as: Trojan.Downloader.Msil.Steamilik; Trojan.Msil.Steamilik; Trojan-psw.Msil.Steam amongst others. Targets of these trojans are largely spread around the globe with Russia, the US, Europe (France and Germany), India and Brazil, leading the way.
To stay safe, users need an up-to-date security solution so they can enjoy their favourite games without the fear of being exploited. Most security products have a “gaming mode”, such as the one in Kaspersky Internet Security, so that users can enjoy their games without getting any notifications until the end of their session. In a bid to help its own users stay safe, Steam also offers several security measures to protect accounts and increase the difficulty for hijacking mechanisms.
Samsung in lock-step with its rivals?
Tonight Samsung will kick off the next round in the smartphone wars with the S10 range, writes ARTHUR GOLDSTUCK.
When Samsung unveils the new S10 smartphone at an event in San Francisco today, it will mark the beginning of the 2019 round of World War S. That stands for smartphone wars, although Samsung would like it to be all about the S.
Ever since the launch of the Samsung Galaxy S4 in 2013, Samsung has held both technology and thought leadership in the handset world. Back then, Apple’s iPhone 5 was the last device from the American manufacturer that could lay claim to being the best smartphone in the world. With the 2013 launch of the iPhone 5s, Apple entered an era of incremental improvement, playing catch-up, and succumbing to market trends driven by its competitors.
Six years later, Samsung is fighting off the same threat. Its Chinese rival, Huawei, suddenly wrested away leadership in the past year, with the P20 Pro and Mate 20 Pro regarded as at last equal to the Samsung Galaxy S9 Plus and Galaxy Note 9 – if not superior. Certainly, from a cost perspective, Huawei took the lead with its more competitive prices, and therefore more value for money.
Huawei also succeeded where Apple failed: introducing more economical versions of its flagship phones. The iPhone 5c, SE and XR have all been disappointments in the sales department, mainly because the price difference was not massive enough to attract lower-income users. In contrast, the Lite editions of the Huawei P9, P10 and P20 have been huge successes, especially in South Africa.
Today, for the first time in half a decade, Samsung goes into battle on a field laid out by its competitors. It is expected to launch the Galaxy S10 Plus, S10 and S10 e, with the latter being the Samsung answer to the strategy of the iPhone XR and Huawei P20 Lite.
Does this mean Samsung is now in lock-step with its rivals, focused on matching their strategies rather than running ahead of them?
It may seem that way, but Samsung has a few tricks up its electronic sleeve. For example, it is possible it will use the S10 launch to announce its coming range of foldable phones, expected to be called the Galaxy X, Galaxy F, Galaxy Fold or Galaxy Flex. It previewed the technology at a developer conference in San Francisco last November, and this will be the ideal moment to reclaim technology leadership by going into production with foldables – even if the S10 range itself does not shoot out the lights.
However, the S10 handsets will look very different to their predecessors. First, before switching on the phone, they will be notable by the introduction of what is being called the punch-hole display, which breaks away from the current trend of having a notch at the top of the phone to house front-facing cameras and speakers. Instead, the punch-hole is a single round cut-out that will contain the front camera. It is the key element of Samsung’s “Infinity O” display – the O represents the punchhole – which will be the first truly edge-to-edge display, on the sides and top.
The S10 range will use the new Samsung user interface, One UI, also unveiled at the developer conference. It replaces the previous “skin”, unimaginatively called the Samsung Experience, to introduce a strong new interface brand.
One UI went live on the Note 8 last month, giving us a foretaste, and giving Samsung a chance to iron out the bugs in the field. It is a less cluttered interface, addressing one of the biggest complaints about most manufacturer skins. Only Nokia and Google Pixel handsets offer pure Android in the local market, but One UI is Samsung’s best compromise yet.
It introduces a new interaction area, in the bottom half, reachable with the thumb, with a viewing area at the top, allowing the user to work one-handed on the bottom area while still having apps or related content visible above. One UI also improves gesture navigation – the phone picks up hand movements without being touched – and notification management.
The S10 range will be the first phones to feature the latest Qualcomm Snapdragon 855 chip, at least for the South African and American markets. That makes it 5G compatible, for when this next generation of mobile broadband becomes available in these markets.
They will also be the first phones to feature Wi-Fi 6, the next generation of the Wi-Fi mobile wireless standard. It will perform better in congested areas, and data transfer will be up to 40% faster than the previous generation.
The phones will be the first to use ultrasound for fingerprint detection. If Samsung gets it right, this will make it the fastest in-screen fingerprint sensor on the market, and allows for a little leeway if one pushes the finger down slightly outside the fingerprint reader surface. It does mean, however, that screen protectors will have to be redesigned to avoid blocking the detection.
Not enough firsts? There are a few more.
Most notably, it will be the first phone range to feature 1 Terabyte (TB) storage – that’s a thousand Gigabytes (GB) – at least for the top-of-the-range devices. Samsung last month announced that it would be the first manufacturer to make 1TB built-in onboard flash storage. Today, it will deploy this massive advantage as it once again weaponises its technology in the fight for smartphone domination.
- Arthur Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter and Instagram on @art2gee
IoT set to improve authentication
By Sherry Zameer, Senior Vice President, Internet of Things Solutions for CISMEA region at Gemalto
As it rapidly approaches maturity, the Internet of Things (IoT) is set to continue a transformational trajectory, introducing new efficiencies in multiple fields by allowing measurement and analysis on a scale that has never been possible before. From agriculture to logistics, from retail to hospitality, from traffic to health, from the home to the office, the applications for monitoring ”things” are limited only by the imagination.
And South African (and African) businesses are showing abundant imagination in their practical deployments of IoT solutions in multiple settings, creating a better tomorrow through almost universal measurement and the introduction of new levels of convenience – including how to access locations, devices and services securely.
Any company, whether South African or international, should bear in mind that understanding consumer expectations can be the key to unlocking the full potential of IoT devices and related smart services.
According to Gemalto’s latest Connected Living study, improving the way consumers authenticate themselves to services is one of the most anticipated benefits of IoT, highlighting a desire for a more seamless and secure IoT experience.
Consumers are interested in advanced ways of authenticating themselves through automatic (based on behavioral patterns) or biometric techniques, lessening the need to have to intervene manually, all in the name of a much more streamlined authentication process. Smartphone manufacturers like Apple and Samsung have already placed fingerprint and facial recognition high on the agenda. There is also a widespread positive sentiment towards IoT’s potential for improving the quality of home life through connected, smart appliances.
Personalised services is something else that wins consumers over. In fact, a fluid, personalised and unified experience with continuity of services, together with security and privacy, is critical for the successful implementation of any technology.
And those types of services are today quite possible. With everything being connected – from small gadgets to digital solutions for large enterprises – IoT is no longer just a buzzword. That much is clear in a piece from Vodacom IoT managing executive Deon Liebenberg. Writing for IOL Online, Liebenberg provides insight into the sheer range of applications for IoT: the 20 use cases he cites range from the obvious, like transport and logistics, to the connected home and wearables; he even suggests tagging pets with IoT transmitters, for those who always need to know the whereabouts of the family cat.
Low-cost tags fitted to cats, dogs, lamp posts, shipping containers or other items are just one part of the puzzle, however. There are other two pieces; arguably the most complex part is the availability of communication networks in areas where there aren’t any WiFi networks, or indeed, anything else.
And that’s where the bigger takeaway from Liebenberg’s piece and other IoT trends articles becomes apparent. The communication networks are there, as are those tags: dedicated IoT networks (like LoraWAN, SigFox and narrowband IoT) are all available in South Africa.
So, too, is the third and final essential component. Software which is able to process the data generated by the tag and transmitted over the IoT network and into the internet. In this regard, there’s no shortage of solutions available from cloud providers like AWS and Azure; electronics giant Siemens, too, is in on the action, having recently launched a new cloud-based IoT operating system to develop applications and services for process industries, including oil and gas and water management.
This combination means it is quite possible right now to enable just about any use case. Business owners, who will know best how IoT can add value in their organisation, can now see their ideas becoming reality. Most crucial of all, IoT solutions delivering new levels of efficiency and convenience are not only possible, they are able to be offered with the simple and effective security that will drive consumer acceptance.