Gandalf_The_Grey
Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors.
The Browser-in-the-Browser technique is a trending attack method involving the creation of fake browser windows within the active window, making it appear as a sign-in pop-up page for a targeted login service.
In March 2022, BleepingComputer was the first to report on the capabilities of this new phishing kit created by security researcher mr.d0x. Using this phishing kit, threat actors create fake login forms for Steam, Microsoft, Google, and any other service.
Today, Group-IB published a new report on the topic, illustrating how a new campaign using the 'Browser-in-the-Browser' method targets Steam users, going after accounts for professional gamers.
These phishing attacks aim to sell access to those accounts, with some prominent Steam accounts valued between $100,000 and $300,000.
In all Browser-in-the-Browser phishing cases, the URL in the phishing window is the legitimate one, as the threat actors are free to display whatever they want since it's not a browser window but merely a render of one.
The same applies to the SSL certificate lock symbol, indicating an HTTPS connection, creating a false sense of security for the victims.
Even worse, the phishing kit allows users to drag the fake window around, minimize it, maximize it, and close it, making it very difficult to spot as a fake browser-in-the-browser window.
As the technique requires JavaScript, blocking JS scripts aggressively would prevent the fake login from being displayed. However, most people do not block scripts as it would break many popular websites.
In general, be very wary of direct messages received on Steam, Discord, or other game-related platforms, and avoid following links sent by users you do not know.
Hackers steal Steam accounts in new Browser-in-the-Browser attacks
www.bleepingcomputer.com
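A detection sketch for the point above that the fake window's address bar is only rendered page content. This is an added example, not code from the post, Group-IB or the phishing kit; the node shape, the function names and the `.example` hosts are assumptions made for illustration.

```javascript
// Added example: flag page content that imitates a browser sign-in window.
// Nodes are a constructed stand-in for DOM elements: {tag, text, attrs, style, children}.
const URL_ONLY = /^(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/?#:]\S*)?$/i;

function* walk(node) {
  yield node;
  for (const child of node.children || []) yield* walk(child);
}

// Host named by a node whose whole text is a URL (a drawn address bar), else null.
function displayedHost(node) {
  const m = URL_ONLY.exec((node.text || "").trim());
  return m ? m[1].toLowerCase() : null;
}

// Naive suffix comparison; not public-suffix aware.
function sameSite(a, b) {
  return a === b || a.endsWith("." + b) || b.endsWith("." + a);
}

// Assumption: the login form is a password field or an embedded frame.
function isLoginSurface(node) {
  return node.tag === "iframe" ||
    (node.tag === "input" && (node.attrs || {}).type === "password");
}

// A real pop-up is a separate window, so its address bar never appears in the
// opener's DOM. A positioned element holding both a foreign-host URL string and
// a login surface is therefore drawn by the page itself.
function findFakeWindows(node, pageHost, findings = []) {
  const pos = (node.style || {}).position;
  if (pos === "fixed" || pos === "absolute") {
    const inside = [...walk(node)];
    const shown = inside.map(displayedHost).find(h => h && !sameSite(h, pageHost));
    if (shown && inside.some(isLoginSurface)) {
      findings.push({ id: (node.attrs || {}).id, shownHost: shown, pageHost });
      return findings; // do not report nested parts of the same overlay
    }
  }
  for (const child of node.children || []) findFakeWindows(child, pageHost, findings);
  return findings;
}

// Constructed sample: an overlay on event-signup.example that shows another host.
const samplePage = { tag: "body", children: [
  { tag: "p", text: "Join the tournament" },
  { tag: "div", attrs: { id: "overlay" }, style: { position: "fixed" }, children: [
    { tag: "span", text: "https://login.service.example/openid" },
    { tag: "input", attrs: { type: "password" } } ] } ] };

console.log(findFakeWindows(samplePage, "event-signup.example"));
```

The same comparison can be run over live DOM elements in a browser extension by mapping `tagName`, `textContent` and computed `position` onto the node shape used here.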