So-called browser-in-the-browser attacks are very treacherous, and are being used against competitive gamers.

The Group-IB house, cybersecurity experthas reported the existence of a new “browser-in-the-browser” phishing technique that “appeared out of nowhere” at the beginning of the year and has been tormenting users of Steamespecially those of competitive and professional fieldsall these months.
For those of us who carry decades exposed to the attacks of the hackers of this, our Internet, the attempts by mail that ask us for passwords to access our bank or PayPal account, they ask us what our shoe size is, where is that private handpoke that we did on the Camino de Santiago, etc., they seem a bit silly to us, and it is not difficult for us to see them coming; but the times changeand phishing attacks are becoming more sophisticated.
According to the security company, and we read in BleepingComputer, the method to obtain the data on duty goes beyond of the faithful imitation of a web page. It is a whole page mounted in a popup browser. With this, hackers manage to simulate the Steam login form in a very realistic way, because it has an SSL certificate with your logothe window is resizable and also changes depending on the user’s language.
On the Valve platform, as we said above, the targets are people dedicated to the professional and competitive environment, who receive direct messages with invitations to tournaments. If accepted, the message takes them directly to that false formwhich is used to extract the credentials for access your Steam accounts; that is, they take all linked games, virtual goods, and inventory items (which, in case you didn’t know, can cost a million).

To prevent this type of attack, it is recommended to have an extension or script blocker, since usa JavaScript. Obviously, this can be detrimental to the functionality or appearance of other completely reliable pages, but in exchange for avoiding these problems… In any case, if you have trouble discerning which pages are reliable and which are not, remember: if something advertised on the Internet is free or too good to be truehas all the ballots to be a scam.
But please let’s not forget that not all hackers are bad. It is clear that one of the main motivations for accessing computers, extracting private information or any other files is get money in return (except in cases of government espionage, ahem); but many others deal with tasks as pure and beautiful like mounting an operating system on Commodore 64 or bringing Doom to a tractor’s computer.
Image | Joan Gamell in Unsplash and Group-IB
More about: 3D Tech Games, Steam, Valve, Hacker and Phishing.