Group IB company engaged in information security, reported[1] about the discovery of a new phishing scheme to steal the accounts of users of the digital distribution service Steam.
Image source: Fishing Planet
To “hijack” accounts, attackers use recently described[2] Browser-in-the-browser technique that allows you to create a fake pop-up browser window on a phishing site that is indistinguishable from the real one at first glance.
The user falls for the ruse and opens an account entry form that mimics the original Steam window, with a fake SSL certificate icon, working buttons, and a choice of 27 supported languages.
The entered data is forwarded to the attacker and entered into Steam itself. The phishing site also warns in case of a fill error and displays a code request if the victim has two-factor authentication enabled.
Example of a bait side (Image source: Group-IB)
According to Alexander Kalinin, head of the Group-IB Center for Information Security Incident Response, browser-in-the-browser technology is dangerous even for gamers who follow basic cybersecurity rules.
Unlike usual scams with ready-made toolkits for sale, browser-in-the-browser solutions for Steam are kept private from attackers.
In this regard, Group-IB advises paying attention to some of the distinguishing features of phishing forms from real ones:
- the design of the header, the address bar and the control buttons may differ;
- The fake address bar doesn’t work (doesn’t allow you to type another URL and/or follow it in the same window);
- the fake window does not open in the taskbar and does not zoom in / out / expand to full screen;
- the fake window cannot be moved to the original tab’s controls;
- the fake window’s minimize button just closes it;
- The fake window will no longer appear if you disable the execution of JS scripts in the browser settings.
Unlike many phishing techniques, the new one opens a fake browser window in the old tab (Image source: Group-IB)
To lure players to a baiting site, scammers use themed chats and communities (invitations to esports tournaments, voting, buying tickets and receiving awards), as well as advertising in popular videos.
In total, Group-IB revealed more than 150 phishing resources disguised as Steam in July this year. The company’s specialists have already warned Valve about the threat to users of its service.
Steam started in 2003 and has since grown to 120 million monthly users and over 50,000 games in its catalogue. The price of a beginner player’s account is estimated at several tens of dollars, and the leading ones – from 100 to 300 thousand dollars.
Developers of Unfold Games have announced Bloody Hell Hotel – an unusual simulator in which the player has to restore the once grandiose vampire mansion. Image Source: Steam The protagonist of Bloody Hell Hotel is a vampire who has awakened…
Publisher Kalypso Media and developer from the Italian studio Raylight Games announced the exact release date of Commandos 3: HD Remaster, the third game in the cult tactical strategy series. Image source: Kalypso Media Keep in mind that the updated…
American publisher and developer ArenaNet uncovered the exact release date of his multiplayer role-playing game Guild Wars 2 on Steam and talked about the upcoming tenth anniversary of the project. Image source: ArenaNet Recall that the Steam…
Microsoft continues to convince industry regulators in several countries that the deal to buy Activision Blizzard won’t hurt its competitors. Sony previously said otherwise. Now Microsoft has accused the Japanese company of paying video game…
Yesterday, August 15th, the first season of the shareware fighting game MultiVersus started. As part of the event, developers from Player First Games Approved the leak of two unannounced characters and accidentally revealed another new pair. Image…
References
- ^ reported (www.group-ib.ru)
- ^ recently described (mrd0x.com)