Steam game phishing campaign targets users’ login credentials

• This phishing campaign promises free games if users play a web roulette game.
• The phishing campaign goes on to say that users have less than 30 minutes to claim the complete game key by logging into their Steam account via the website.

A new phishing campaign abuses the Steam gaming platform to steal users’ login credentials and hijack user accounts.

How does the campaign work?

Researchers from Malwarebytes Labs have observed the phishing campaign and have described it in detail.

• This phishing campaign is promoted on the Steam platform using already hijacked accounts.
• This campaign distributes the shortened URLs to hijacked accounts’ friend list via the Steam chat.
• The shortened URLs redirect users to a phishing domain.
• This phishing page promises free games if users play a web roulette game.
• The page then states that the users have less than 30 minutes to claim the complete game key by logging into their Steam account via the website.
• The page also states that users need to wait for 24 hours before they can play the roulette again and win another free game.
• Upon clicking the ‘Login via Steam’ button, a third-party fake Steam login page opens up.
• Once users enter their login credentials, the credentials will be sent to the phishing campaign operators, who will use the credentials to hijack victims’ Steam accounts.
• The hijacked accounts will then be used for distributing the phishing links to more targets.

Malicious domains

In their blog, the researchers wrote, “Links in identical campaigns in the past were not hidden behind a URL shortener. It’s also no surprise that these links kept changing. In this case, the shortened URLs have redirected to the following domains, which are less than four months old, at some point:

• easyk3y[dot]com
• ezzkeys[dot]com
• g4meroll[dot]com
• g4me5[dot]com
• gift4keys[dot]com
• gifts-key[dot]com
• ong4me[dot]com
• tf2details[dot]com
• Yes-key[dot]com."