All Your Creds Are Belong To Us

Friday 7 October 11:00 - 11:30, Green room

Santiago Martin Pontiroli (Kaspersky Lab)
Bart Parys (PwC)

With over 140 million registered users and more than 7,000 games available for download, Valve's multi-OS digital distribution platform offers a myriad of possibilities for gamers looking to enjoy the latest games not only from an always-on cloud environment, but from one that provides an ever-growing community of like-minded enthusiasts. Steam has shown steady growth in the number of active users registered on the platform, each one using a credit card to buy content, willingly providing personal information, and exchanging items with other network participants via in-game trades or traditional auctions. Security research has tragically ignored gaming malware under the false assumption that no real value is traded there. This blind spot is being abused by cybercriminals right under our noses to steal real money and effect real damage!

Organized crews from all over eastern Europe have been paying close attention to Steam's growing user base and the techniques and procedures offered by the company to secure their accounts, patiently waiting for an opportunity to come. Steam has been listening to its users and slowly adding new security measures. As always though, the bad guys are one step ahead and always on the lookout for potential vulnerabilities in how trades are being done in the platform and how credentials are stored in the user's system. After all, as a service designed for entertainment, Steam has the eternal problem of adding new measures that could protect some users while alienating others not willing to sacrifice their comfort when choosing to enjoy their favourite game.

With easy money on their minds, cybercriminals have developed a plethora of credential-stealing malware that recently displayed a clear evolution in terms of quantity and complexity, demonstrating a growing interest in the gaming crowd. Even though there are simply too many samples to choose from, we'll concentrate on the hands-on analysis of a .NET credential stealer made specifically for the Steam platform and on how the bad guys are modifying the code in each version to improve their campaign and monetize their creations. As Enrique Pena Nieto said, "behind every crime is a story of sadness". Let's analyse the story behind these malicious credential stealers, their victims, and how organized criminals are making money with these quite profitable schemes.



Santiago Martin Pontiroli

Santiago Pontiroli joined Kaspersky Lab as a security researcher in October 2013. His principal responsibilities include the analysis and investigation of security threats in the SOLA region (South of Latin America), web application security, the development of automation tools stemming from threat intelligence studies, and the reverse engineering of programs with malicious code.

Before joining Kaspersky Lab, Santiago served as Development Leader in Accenture for projects like Site Concept Studio and Avanade Connected Methods, where he supervised all technical aspects of his teams, developed and presented demos on the different platforms, and offered technical support to the sales team. Prior to Accenture, Santiago worked as a consultant for several companies providing support on access control software, system and network administration, server hardening and web application security.

Santiago holds degrees in systems engineering and systems analysis from the Universidad Tecnológica Nacional F.R.L.P in Buenos Aires, Argentina. He is fluent in English and Spanish.



Bart Parys

Bart has over a decade of experience in the IT industry.


