Just for fun I decided to visualise all SteamStealer IPs I’ve encountered (till now). They are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others. They may also be a C&C for the malware, or fake gambling/lottery websites.
Any additional information can also be found on my blog:
Malware spreading via Steam chat
Additionally, be sure to read the paper I wrote with Santiago from Kaspersky about SteamStealers here: The evolution of malware targeting Steam accounts and inventory
Now for the fun part:
View SteamStealer IPs in a full screen map
Alternatively, check out the following map and stats:
|Virgin Islands, British||1|
|Moldova, Republic of||1|
As you can see, most of them are hosted in Russia; while the United Kingdom and The Netherlands rank second and third respectively.
Note: CloudFlare is gaining popularity in ‘hiding’ the real server IP address. CloudFlare IPs are not included.
That’s about it, hope you enjoyed! Please find below tools used to create the mapping.
SteamStealer IPs IOCs
This is a Security Bloggers Network syndicated blog post authored by Bart. Read the original post at: Blaze's Security Blog