Steam accounts are being stolen by this devious phishing attack

Steam users are being targeted by cybercriminals looking to steal accounts, a new report from Group-IB has claimed.

The experts uncovered a group of hackers using an elusive phishing kit to try and lure gamers into giving away their Steam login credentials, and once they do, the crooks will try to sell their accounts on the black market.

The thefts can allegedly be rather lucrative, with some of the more high-profile accounts reportedly selling for as much as $100,000 to $300,000 apiece.

Fake popups 

The group gathers either on Discord or Telegram and uses a phishing kit capable of “browser-in-browser” attacks, something not as widely distributed among the cybercrime community as some other tools. 

What they’ll do is try and reach out to pro gamers on Steam and invite them to a tournament for one of the more popular titles, such as League of Legends, Counter-Strike, Dota 2, or PUBG. The invitation will carry a link, which will bring the victim to a website that looks like it belongs to an organization sponsoring and hosting esports tournaments. 

To sign up for the tournament, the victims will be asked to log into their Steam accounts, which will look like a regular login pop-up page. However, that login page isn’t a browser popup, but rather an entire fake window, created within the current page. That makes it extremely difficult for the victim to spot they’re being attacked, especially because the link in the search bar will look legitimate.

After typing in their credentials, the targets will also be asked for their 2FA code, and if they fail to provide the right one, the website will display an error message. If they provide the right code, however, they’ll be redirected to a legitimate URL, further hiding the theft

Generally speaking, the best way to defend from these types of attacks is to block JavaScript, but given that such an aggressive measure would break many popular websites, it can’t be recommended. Instead, gamers are urged to be extra vigilant when receiving any links anywhere, Discord and Telegram included.

Via: BleepingComputer

Go to Source