New Variant of Ramnit Embezzles Data of Steam Users

Security researchers of security firm Trusteer have stumbled upon a new version of the infamous Ramnit malware which is being employed by scammers to embezzle sensitive credentials of users of Steam, a well-known video game distribution service.

According to security experts, Ramnit employs 'HTML' injection to attain its goals and it is capable of not only bypassing the password encryption of the site but also makes sure that the assault is not identified by the server it targets.

In the primary phase of the assault, Ramnit infuses an appeal for password when Steam users login with their credentials. This particular request permits the menace to bypass the encryption of clients and get hold of the 'password' in plain text.

The difficulty with this method is that the password is recorded in a fresh constituent tagged "pwd2." As the Steam server is not expectant of receiving this constituent at the time of submission of form, most likely an alarm will be elicited and the malevolent attempt will be detected.

To evade detection Ramnit makes sure that the server by no means witnesses the injection and it removes the injected element preceding to the form that is being send to the website.

"One might inquire: why do cyber crooks go through all the pains of inserting an element and then eliminating it when they (cybercriminals) can simply gather the data by using Ramnit's keylogging capability? The answer to this question is simple: by employing form grabbing, the scammer can effortlessly index the gathered details. When a keylogger is employed, there's no hint of which characters are the username, the password and which are irrelevant keystrokes," blogged Trusteer Fraud Prevention Manager Etay Maor, as published by trusteer.com on August 19, 2013.

Steam is a perfect target for malware attacks because it has 50-70% market share with 2,000 titles and over 54 million active users. This is not the first time that Steam has been attacked by cybercriminals as phishing attacks and malware (Stealing credentials) have been attacking Steam users for several years. Maor concludes that Ramnit uses much advanced techniques to collect data as well as to evade detection.

» SPAMfighter News - 8/27/2013