Safety Detectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

Hackers Steal Steam Account Credentials in Phishing Attacks

Colin Thierry
Colin Thierry
Colin Thierry Colin Thierry

Hackers launched attacks to steal Steam login credentials while using an increasingly popular Browser-in-the-Browser phishing method.

This trending attack technique involves creating false browser windows within the active window, while making it appear as a sign-in pop-up page for a targeted login service.

On Monday, cybersecurity researchers from Group-IB published a report on this topic where they explained how a recent hacking campaign ‘Browser-in-the-Browser’ method targeted Steam users, most notably the accounts of professional gamers.

The threat actors looked to sell access to those Steam accounts, with some more prominent ones valued between $100,000 and $300,000.

Group-IB reported that the phishing kit used in the Steam campaign isn’t widely available currently in hacking forums or dark web markets. It’s instead used privately by hackers that gather on Discord or Telegram channels to coordinate their attacks.

Potential victims are targeted with direct message invites on Steam to join a team for League of Legends, Counter-Strike, Dota 2, or PUBG tournaments.

The shared links by the threat actors then bring the targets to a phishing site for what looks like an organization sponsoring and hosting esports competitions.

In order to join a team and play in a tournament, the victims are requested to log in with their Steam accounts. However, instead of being an actual browser window overlaid over the existing website, this new login page window is a fake window created within the current page. This makes this page very difficult to spot as a phishing attack.

The landing pages also support up to 27 languages, detecting the language from the victim’s browser preferences in order to load the correct one.

After entering their credentials, the victims are then prompted to enter the 2FA code. If this step is unsuccessful, an error message is displayed.

However, if the authentication is successful, the victims are then usually redirected to a legitimate address in order to lower the chances of them identifying the attack.

At this point, the victim’s account credentials have been successfully stolen and sent to the threat actors.

About the Author
Colin Thierry
Colin Thierry
Writer

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.