October 2, 2023

Researches from Group-IB has came with a report about sophisticated Browser-in-the-Browser phishing technique is snaring Steam users.

Accounts belong to competitive and professional gamers worth hundreds and thousands of dollars are being targeted with fake direct messages on Steam, inviting them to join tournaments. The user will then navigate to a slick looking game tournament platform where they are asked to log in using their Steam credentials and a 2FA code.

Once bypassed, the hackers will have access to the users account, being able to change the login credentials, making recovery difficult. By the time of regaining access, virtual goods such as skins will probably be gone, your credit card info could be compromised or the hacker may use your friends list for further targeting.

Advertisements

This kind of phishing attack is deadly, since it is a mimicking render of a real browser pop up window. An user who is not suspecting any abnormality would believe they are using a real site, complete with a security certificate, multiple languages and a professional design. The attack uses JavaScript as a major source for the attack.

Dodgy links of malicious nature need to be carefully watched. Caution required before clicking any links and validation need to be performed on each action. Accounts with strong passwords and 2FA is an mandate requirement to stay safe.

Tags:

Leave a Reply

You may have missed

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023

Exim Mail Transfer Server Vulnerabilities

September 30, 2023
%d bloggers like this: