Dead Drop on Steam: hackers found a safe harbor for C2 infrastructure

How does a gaming platform help you bypass company protection?

According to experts from the Solar Group of Companies, hackers have begun actively using Steam, the largest online gaming platform, to organize cyberattacks. Specialists from the Solar 4RAYS cyber threat research center found that attackers create accounts on the platform and hide information about malware command-and-control servers in the account descriptions. As a result, the malware on an infected host does not connect directly to a suspicious IP address but to a legitimate resource, which greatly complicates detecting the malicious activity and blocking the attack in time, the analysts say.

Hackers use a technique called Dead Drop Resolver. In this technique, cybercriminals post content on legitimate online platforms that contains information about the command-and-control (C&C, or C2) servers from which the malware is controlled. This data can be published either in encrypted form or in plaintext. After infecting a system, the malware accesses such a resource and retrieves the C2 address from it.

Experts emphasize that at the moment it is mainly stealers, malware designed to steal passwords and other confidential information, that are distributed through Steam. However, the scheme can be applied to spread any type of malware. In addition to Steam, attackers use Pastebin, YouTube, Telegram, and even X (formerly Twitter) for such purposes.

The Dead Drop Resolver technique allows hackers to build a more resilient C2 infrastructure, because they can update the information about available command-and-control servers at any time, experts say. Requests to legitimate resources such as Steam do not raise suspicion on corporate networks, which makes malicious activity much harder to detect. At the same time, the malicious files that infect devices do not themselves contain an explicit C&C address or malware configuration, which further complicates their identification.

At the moment, the Steam platform is actively used to distribute stealers such as MetaStealer, Vidar, Lumma and ACR, which steal credentials, browser data, information about installed programs and running processes, as well as correspondence and crypto wallet data. These attacks can have serious consequences for companies, especially if the malware is not detected in time. Experts recommend that security teams pay attention to any suspicious requests to the Steam platform from corporate networks, as these may indicate malicious activity.

Stealers such as MetaStealer, Vidar, Lumma and ACR, actively distributed through Steam, are capable of stealing a wide range of data: passwords, lists of installed programs, information about running processes, correspondence in instant messengers, crypto wallets and other confidential information. The consequences of such attacks can be critical for companies, which makes it necessary to strengthen IT security controls. Solar Group recommends that security teams pay attention to suspicious requests to Steam from corporate networks, as these may indicate the presence of malware.
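One way to act on that recommendation is to hunt in proxy logs for Steam profile pages being fetched by something other than a browser or the Steam client, and repeatedly from the same host. The following is an added example, not code from Solar 4RAYS or the original article; the log line format, the host names and the SteamID values are constructed for illustration.

```python
import re
from collections import Counter

# Constructed proxy log excerpt (not real traffic): time, source host, method, URL, "User-Agent".
SAMPLE_LOG = """\
2024-06-03T09:12:41Z ws-017 GET https://steamcommunity.com/profiles/76561198000000001 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0"
2024-06-03T09:13:02Z ws-042 GET https://steamcommunity.com/profiles/76561198000000002 ""
2024-06-03T09:14:10Z ws-042 GET https://steamcommunity.com/profiles/76561198000000002 "Microsoft-CryptoAPI/10.0"
2024-06-03T09:20:55Z ws-042 GET https://steamcommunity.com/profiles/76561198000000002 "Microsoft-CryptoAPI/10.0"
2024-06-03T09:21:00Z ws-099 GET https://store.steampowered.com/app/570 "Valve/Steam HTTP Client 1.0"
2024-06-03T09:25:17Z ws-017 GET https://steamcommunity.com/id/some_player "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0"
"""

# Assumed log layout: five space-separated fields with the user agent quoted at the end.
LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')
# Profile pages are where the article says the C2 address is hidden (in the account description).
PROFILE_RE = re.compile(r'^https?://steamcommunity\.com/(profiles/\d+|id/[^/?#]+)/?$')
# Clients that legitimately fetch profile pages: browsers and the Steam client itself.
LEGIT_UA_RE = re.compile(r'(Mozilla/|Valve/Steam)')

def parse_line(line):
    """Split one proxy log line into its fields; return None for lines in another format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, src, method, url, ua = m.groups()
    return {"ts": ts, "src": src, "method": method, "url": url, "ua": ua}

def is_suspicious(entry):
    """A Steam profile fetch from something that is neither a browser nor the Steam client."""
    return bool(PROFILE_RE.match(entry["url"])) and not LEGIT_UA_RE.search(entry["ua"])

def find_dead_drop_suspects(log_text, min_hits=2):
    """Return (source host, profile URL, hit count) for hosts that repeatedly fetch
    the same Steam profile with a non-browser client, i.e. dead-drop polling candidates."""
    hits = Counter()
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspicious(entry):
            hits[(entry["src"], entry["url"])] += 1
    return sorted((src, url, n) for (src, url), n in hits.items() if n >= min_hits)

if __name__ == "__main__":
    for src, url, n in find_dead_drop_suspects(SAMPLE_LOG):
        print(f"{src}: {n} non-browser fetches of {url}")
```

Tune the user-agent allow list to the browsers actually deployed in your environment, and treat a hit as a lead for host triage rather than as proof of infection.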

Steam is the world's largest platform for the digital distribution of video games, developed by Valve. The monthly active audience of the platform is about 132 million users. The platform provides access not only to games but also to various social features such as messaging, group creation, and cloud storage.
