Steam accounts are being stolen by this devious phishing attack
Pro gamers targeted with “browser-in-browser” attacks
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Steamusers are being targeted by cybercriminals looking to steal accounts, a new report from Group-IB has claimed.
The experts uncovered a group of hackers using an elusivephishingkit to try and lure gamers into giving away their Steam login credentials, and once they do, the crooks will try to sell their accounts on the black market.
The thefts can allegedly be rather lucrative, with some of the more high-profile accounts reportedly selling for as much as $100,000 to $300,000 apiece.
Fake popups
The group gathers either on Discord or Telegram and uses a phishing kit capable of “browser-in-browser” attacks, something not as widely distributed among the cybercrime community as some other tools.
What they’ll do is try and reach out to pro gamers on Steam and invite them to a tournament for one of the more popular titles, such asLeague of Legends, Counter-Strike, Dota 2, or PUBG. The invitation will carry a link, which will bring the victim to a website that looks like it belongs to an organization sponsoring and hostingesportstournaments.
To sign up for the tournament, the victims will be asked to log into their Steam accounts, which will look like a regular login pop-up page. However, that login page isn’t a browser popup, but rather an entire fake window, created within the current page. That makes it extremely difficult for the victim to spot they’re being attacked, especially because the link in the search bar will look legitimate.
Watch out - that WeTransfer link could be a phishing scam>This Facebook Messenger phishing scam may have trapped millions of users>Here’s our pick for the best ID management software around
After typing in their credentials, the targets will also be asked for their 2FA code, and if they fail to provide the right one, the website will display an error message. If they provide the right code, however, they’ll be redirected to a legitimate URL, further hiding thetheft.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Generally speaking, the best way to defend from these types of attacks is to block JavaScript, but given that such an aggressive measure would break many popular websites, it can’t be recommended. Instead, gamers are urged to be extra vigilant when receiving any links anywhere, Discord and Telegram included.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new malware utilizes a rare programming language to evade traditional detection methods
A new form of macOS malware is being used by devious North Korean hackers
I’ve been covering Apple Watch deals for years – This is the one model most people should buy on Black Friday
