Aiming to capitalize on the multi-billion gaming market, cybercriminals actively data mine their botnets not just for account credentials for popular gaming platforms, but also for the actual activation keys for some of the most popular games on the market.
A newly launched e-shop aims to monetize stolen account credentials, not just for gaming platforms and popular games such as Origin and Uplay, but also for a variety of online services such as Hulu Plus, Spotify, Skype, Twitter, Instagram, Tumblr and Freelancer. How much does it cost to buy pre-ordered access to Battlefield 4? What about a compromised Netflix or Spotify account? Let’s find out.
Sample screenshot of the actual advertisement:
Prices for the compromised gaming accounts:
Crysis 3 – $2.50
Dead Space 3 – $2.50
SimCity – $2.50
Battlefield 4 – $4.50
Battlefield 3 – $0.50
FIFA 13 – $2.50
Far Cry 3 – $3
Assassin’s Creed 3 – $3
Prices for the compromised accounts:
Crossfire – 10 accounts go for $2
Hulu Plus – 1 account goes for $3
Netflix – 1 account goes for $0.50
Twitter – 100 accounts go for $3
Instagram – 100 accounts go for $3
Tumblr – 100 accounts go for $3
Accepted payment methods: WebMoney, Bitcoin, PayPal, Litecoin, Payza, Moneybookers/Skrill
This international underground market ad is a great example of penetration pricing: the cybercriminal behind the shop undercuts the country/region-based prices for specific items (games, for instance) in an attempt to achieve asset liquidity for the compromised items. Based on the feedback provided by “happy customers” of this e-shop, we can conclude that this is not a one-time inventory of compromised assets, but a long-term operation, which we believe is fueled by an ongoing botnet operation relying on commercially/publicly obtainable DIY (do-it-yourself) malware-generating tools in combination with malware crypting services.
We advise Webroot SecureAnywhere users to familiarize themselves with the security/privacy features offered by each and every Web service that they’re using, and to ensure that they’re taking full advantage of these features in an attempt to detect and prevent eventual compromise of their accounts.