Steam users have been targeted by hackers using Browser-in-the-Browser (BiTB) phishing attacks to steal their credentials. 

What’s happening?

The new attack method includes developing a fake browser window within an active window to mimic a sign-in page for a particular login service.
  • The phishing kit isn't easily procurable on hacking forums or the dark web. Instead, hackers use Discord or Telegram channels to gain easy access to the new phishing kit.
  • Threat actors intend to sell access to these hacked accounts, starting from $100,000 to $300,000.

The attack campaign

The targets are sent direct invitation links on their Steam account, requesting them to join a team for LoL, CS, Dota 2, or PUBG competitions. Once the link is clicked, they are directed to a phishing site organizing esports competitions.
  • To participate in the competition, the guests are requested to log in via their Steam account. However, the user is unaware that the new login page window is a fake window developed by the hackers to carry out the phishing attack.
  • Once user credentials are entered, a novel form prompts the participant to insert the 2FA code. In case the entered code is incorrect, an error message is exhibited.
  • However, in case of successful authentication, the user lands on a URL set by the C2 to reduce the likelihood of the victim discovering the intrusion. 
  • Having taken over victims' accounts, the threat actors change their passwords and email addresses to make it harder for them to reclaim control.

Red flags

  • The user should look for the fake address bar at the top of the pop-up window. 
  • To fool the users, the phishing kit allows them to interact with the fake window features, making it difficult to spot the difference between the original window and the fake BiTB window. 
  • Online users should be wary of any direct messages received on Steam, or other platforms, and avoid clicking on links sent by unknown sources. 
The BiTB phishing kit first came to light in March and attackers are making the most of this newfound medium. With online gaming gaining momentum, which is evident in the rise of users across various platforms, hackers now have a vast pool to carry out attacks to steal credentials. Users or gamers are required to adhere to safety measures.
Cyware Publisher