Just for fun I decided to visualise all SteamStealer IPs I've encountered (till now). They are hosting multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others. They may also be a C&C for the malware, or fake gambling/lottery websites.
Any additional information can also be found on my blog:
Malware spreading via Steam chat Additionally, be sure to read the paper I wrote with
Santiago from Kaspersky about SteamStealers here:
The evolution of malware targeting Steam accounts and inventoryNow for the fun part:
View SteamStealer IPs in a full screen mapAlternatively, check out the following map and stats:
a
| Country | Count |
| Russian Federation | 163 |
| United Kingdom | 19 |
| Netherlands | 18 |
| United States | 14 |
| Germany | 9 |
| Ukraine | 6 |
| France | 6 |
| Poland | 4 |
| Romania | 1 |
| Italy | 1 |
| Czech Republic | 1 |
| Canada | 1 |
| Australia | 1 |
| Belarus | 1 |
| Belize | 1 |
| Kazakhstan | 1 |
| Virgin Islands, British | 1 |
| Spain | 1 |
| Moldova, Republic of | 1 |
As you can see, most of them are hosted in Russia; while the United Kingdom and The Netherlands rank second and third respectively.
Note: CloudFlare is gaining popularity in 'hiding' the real server IP address. CloudFlare IPs are
not included.
That's about it, hope you enjoyed! Please find below tools used to create the mapping.
ResourcesGeomapping:
BatchgeoGIPCData:
SteamStealer IPs IOCs
