Hackers Stealing Steam Accounts Using This New Hack
Researchers at Group-IB, a leading provider of innovations and solutions for counteracting cyberattacks, have published a new report that demonstrates how hackers are using a new phishing technique called Browser-in-the-Browser, to target accounts of professional Steam gamers that are valued between $100,000 and $300,000.
For the unversed, a Browser-in-the-Browser (BitB) is a new phishing threat that is emerging worldwide. This method creates a fake browser window within the active parent browser window on a phishing resource, making it look like a sign-in pop-up page in order to steal login credentials.
This phishing kit was first discovered and shared by a researcher Mr.d0x in March 2022. Using this method, threat actors create fake login forms for Steam, Microsoft, Google, or any other service.
In order to analyze the significant threat that the Browser-in-the-Browser technology posed to significant users, Group-IB used an example of a phishing kit located on a resource that mimicked Steam.
How Does The Scheme Work?
Threat actors send direct messages to prospective victims on Steam and lure them with various appealing offers such as: inviting them to join a team for LoL, CS, Dota 2, or PUBG tournament, or voting for the user’s favorite team, or buying discounted tickets to cybersport events, and more.
The links that the threat actors share bring the victims to bait webpages mimicking organizations sponsoring and hosting e-sports competitions. The victims are then requested to log in via their Steam account in order to join a team and play in a competition.
“Almost any button on bait webpages opens an account data entry form mimicking a legitimate Steam window. It has a fake green lock sign, a fake URL field that can be copied, and even an additional Steam Guard window for two-factor authentication,” the researchers wrote in their report.
While traditional phishing resources display a phishing data entry form or redirect users to it, this type of attack opens a fake browser window in the same tab to convince users about its authenticity.
Users can even switch between 27 webpage interface languages, which are fully functional, and the selection is identical to the one…