A new kind of attack is being used to steal Steam accounts.

2 Min Read

Hackers are stealing Steam accounts using a new sort of phishing attack revealed by Group IB cybersecurity specialists.

According to Group IB’s investigation, a hacker group has been utilising an elusive phishing kit to acquire Steam accounts from users.

The hackers trick individuals into providing their Steam credentials, which are subsequently sold on the black market.

According to reports, several high-profile accounts were sold for between $100,000 and $300,000.
What They Do

The hacking gang usually communicates through Discord or Telegram and employs a phishing kit capable of “browser-in-browser” assaults, which is uncommon in the cybercrime world.

The hackers approach professional players and invite them to competitions for popular games such as CS:GO, Overwatch, Dota 2, and PUBG.

The invitation contains a malicious link that directs users to a tournament website that seems to be sponsored by a reputable organisation.

The website invites you to input your Steam credentials into a pop-up window to sign up for the event, yet it isn’t a browser pop-up at all.

It is a completely bogus popup that takes the victim’s login information, including a 2FA code.

If you input the incorrect code, an error notice will appear on the page; however, if you enter the correct data, you will be sent to a genuine website, making everything seem authentic.

The worst aspect is that the victim will have a difficult time detecting that they are being hacked since the link in the search field would seem real.

Read Also: A 10 year old Pakistani YouTuber has become the first person to win the Diamond Play Button.

You may defend yourself from such assaults by blocking JavaScript in your browser, but this is a drastic approach that would crash many websites. In general, players should be careful of competition links acquired through Telegram or Discord groups.

Share This Article
Leave a Comment