A recent investigation by Group-IB says that scammers are going after Steam users to steal their login information.
According to the experts, the hackers are using a sneaky phishing kit to trick players into disclosing their Steam login information. They then attempt to sell the victims’ accounts on the black market.
Some of the most high-profile accounts apparently sell for as much as $100,000 to $300,000 per piece, suggesting that the thefts may be quite lucrative.
False popups
The gang communicates via Telegram or Discord and uses a phishing kit that can carry out “browser-in-browser” attacks, a technique that is less widely used among cybercriminals than other phishing methods.
They’ll attempt to contact professional players on Steam and invite them to a competition for one of the more well-known games, such as League of Legends, Counter-Strike, Dota 2, or PUBG.
The invitation will have a link to a website that looks like it is run by a company that sponsors and hosts esports competitions.
To register for the tournament, victims are prompted to sign in to their Steam accounts through what looks like a standard login pop-up page.
But the login page is not a real browser popup; it is a fully faked window rendered inside the current web page. As a result, it is quite challenging for the victim to recognise that they are the target of an attack, especially since the link displayed in the fake window appears trustworthy.
After entering their login details, the targets are asked for their 2FA code. If they don’t give the right one, the website shows them an error message.
If they enter the correct code, however, they are redirected to a legitimate URL, further disguising the theft.
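The detail that matters for defenders is the one in the paragraph above: a genuine sign-in popup is a separate browser window whose address bar is drawn by the browser itself and is never part of the page's DOM, so any in-page element that paints its own address bar and URL is fake by construction. The following heuristic, written here as an added example (it is not Group-IB's code, not the phishing kit, and not part of the original article), is the kind of check a browser extension could run: it takes simplified, constructed element descriptors (standing in for DOM nodes so the code runs offline), and flags fixed or absolute overlays that contain a password field and render a URL whose host differs from the page actually loaded. The host names in the sample are illustrative placeholders.

```javascript
// Heuristic detector for "browser-in-browser" (BitB) fake login windows.
// Added example; not code from Group-IB or from the phishing kit described.
// Idea: the browser's real address bar is not in the DOM, so a DOM element
// that draws an address bar with a URL for a different site is a fake window.

const URL_RE = /https?:\/\/([a-z0-9.-]+)/gi;

// Return the distinct host names of any URLs rendered as text in an element.
function renderedHosts(text) {
  const hosts = new Set();
  for (const m of text.matchAll(URL_RE)) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

// pageHost: host of the page actually loaded (window.location.hostname in
//           a real extension; passed in here so the check is testable).
// elements: array of { id, position, hasPasswordField, text } descriptors,
//           a constructed stand-in for DOM nodes.
// Returns one entry per element that looks like a fake login window.
function flagFakeLoginWindows(pageHost, elements) {
  const flagged = [];
  const host = pageHost.toLowerCase();
  for (const el of elements) {
    // Only overlays can impersonate a window: fixed/absolute positioning
    // lets an element float above the page content the way a popup would.
    const overlay = el.position === 'fixed' || el.position === 'absolute';
    if (!overlay || !el.hasPasswordField) continue;
    // A password form that displays a URL for a host other than the page it
    // lives on is the BitB signature: the fake chrome claims one site while
    // the DOM belongs to the lure site.
    const foreign = renderedHosts(el.text).filter(h => h !== host);
    if (foreign.length > 0) flagged.push({ id: el.id, claimedHosts: foreign });
  }
  return flagged;
}

// Constructed sample: a lure page that embeds a fake Steam sign-in window
// alongside its own genuine login form and a cookie banner.
const SAMPLE_PAGE_HOST = 'tournament-lure.example';
const SAMPLE_ELEMENTS = [
  { id: 'site-login', position: 'static', hasPasswordField: true,
    text: 'Sign in to tournament-lure.example' },
  { id: 'fake-steam-window', position: 'fixed', hasPasswordField: true,
    text: 'https://steamcommunity.com/openid/login  Sign in to Steam' },
  { id: 'cookie-banner', position: 'fixed', hasPasswordField: false,
    text: 'We use cookies. https://tournament-lure.example/privacy' },
];

// Run the heuristic over the constructed sample; only the fake window is flagged.
function demo() {
  return flagFakeLoginWindows(SAMPLE_PAGE_HOST, SAMPLE_ELEMENTS);
}

console.log(JSON.stringify(demo(), null, 2));
```

The cookie banner is an overlay that shows a URL but carries no password field, and the site's own login form shows no foreign host, so neither is flagged; only the overlay that both asks for a password and claims to be a different site trips the check. A real deployment would read `position` from `getComputedStyle` and `hasPasswordField` from `querySelector('input[type=password]')`, and would treat a hit as a reason to warn the user rather than as proof on its own.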
Generally speaking, blocking JavaScript is the strongest defence against these kinds of attacks, but such a drastic step will break many well-known websites, so it isn’t advisable.
Instead, players should be very careful with links they get from anywhere, including Telegram and Discord.