Steam s Are Being Targeted By A Sophisticated Browser-In-The-Browser Attack

Comments

Steam s are being targeted by a clever new browser-in-the-browser phishing scheme disguised as a legitimate Steam message. According to cybersecurity company Group-IB, the scheme specifically targets professional and competitive gamers, sending them fake tournament invites through the platform’s messaging system.

Upon clicking the accompanying link, it will redirect you to a professional-looking tournament website where you’ll be asked to to Steam and enter a two-factor authentication code. Upon logging-in, the hackers will gain full access to your and can even change your credentials, making recovery extremely difficult. From there, the hackers can steal anything valuable on your , including skins or unopened games, and possibly even your credit card information. They can also use your friends list to send out more phishing invites.

The fact that they’re using tournament invites to entice victims narrows their targets down to competitive and professional gamers. These are also the s that are likely to have expensive skins or other virtual goods. Group-IB claims that some pro gamer s could possibly be worth hundreds of thousands of dollars.

Browser-in-the-browser (BitB) attacks are much more likely to succeed in stealing credentials and personal information since they resemble the actual legitimate websites. The fake window can also be moved around, minimized, maximized, and closed, and even has a fake SSL certificate lock (green lock), a legitimate URL, multiple language options, and in Steam’s case, a fake Steam Guard prompt. In many cases, they even display a warning about saving your data on a third-party resource.

It's difficult to block these attacks since they can evade most pop-up blockers, but a script blocker may provide at least some form of protection since BitB attacks primarily use JavaScript. Common precautions when browsing the internet such as ignoring or filtering direct messages and emails from unknown senders is also a good practice. And, as far as all scams go, if it looks too good to be true, it probably is. Stay safe!

Share this post:

Share on Reddit

Related:

steam logo welcome banner
Steam’s Updated Refund Policy Now Enforces A Playtime Limit On Early Access Games
steam best of 2023 banner
Steam Unveils Annual Best Of Steam List With A Surprising Entry From Decades Past
steam winter sale 2023 banner
Steam’s Winter Sale Is Now Live Offering Discounts On Thousands Of Games
tagged with