Colombo, Sri Lanka | New research from cybersecurity firm Kaspersky has uncovered a significant risk to Sri Lanka’s gaming community and corporate sector, revealing that at least 10,877 gaming accounts were compromised by infostealer malware in 2024. This finding is part of a broader global pattern highlighted during Kaspersky’s recent Cyber Security Weekend event in Da Nang, Vietnam.
Infostealer malware, known for silently extracting sensitive user data, led to the exposure of over 11 million gaming accounts worldwide last year. The Steam platform was the hardest hit, with nearly 5.7 million accounts affected, while other major services like Epic Games Store, Battle.net, Ubisoft Connect, GOG, and the EA app collectively saw over 6.2 million compromised accounts.
Polina Tretyak, a Digital Footprint Intelligence Analyst at Kaspersky, explained that cybercriminals often use deceptive tactics such as fake cheat links and game modifications shared on popular platforms like YouTube. When users download these malicious files, their devices become infected, allowing malware to steal logins, passwords, cookies, financial details, and even crypto wallet information.
Crucially, the threat extends beyond gamers’ personal data. Kaspersky’s report found that 7 percent of compromised accounts were registered using corporate email addresses, creating dangerous vulnerabilities for businesses. Reusing passwords across personal and work accounts may give attackers access to sensitive corporate systems.
Stolen data fuels a thriving underground market where “malware log files” are traded, sometimes via subscription services costing up to $200 for two months of access. Account values vary widely — from as little as 12 cents for empty profiles to as much as $2,500 for accounts with rare in-game assets.
Although Sri Lanka’s figure is lower compared to regional neighbours — with Thailand leading at nearly 163,000 compromised accounts — the risk remains pressing. The Philippines and Vietnam recorded over 93,000 and 88,000 compromised accounts respectively.
Kaspersky urges immediate action for both individuals and businesses. Users suspecting compromise should perform thorough antivirus scans and promptly change all affected passwords, using strong and unique credentials. Organizations are advised to adopt dark web monitoring services and implement robust endpoint security solutions.
Employee education is vital, particularly regarding the risks of using corporate emails for personal accounts and downloading unverified software.
“The boundary between personal hobbies and corporate security is increasingly blurred,” Tretyak noted, emphasizing the persistent and evolving nature of cyber threats. “You may not rest, there are monsters nearby.”
This research highlights the urgent need for heightened cybersecurity awareness and proactive defense in the face of growing digital risks affecting both individual gamers and the corporate world.
Leave a comment