Hackers steal Steam accounts in new Browser-in-the-Browser attacks


Level 78
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors.

The Browser-in-the-Browser technique is a trending attack method involving the creation of fake browser windows within the active window, making it appear as a sign-in pop-up page for a targeted login service.

In March 2022, BleepingComputer was the first to report on the capabilities of this new phishing kit created by security researcher mr.d0x. Using this phishing kit, threat actors create fake login forms for Steam, Microsoft, Google, and any other service.

Today, Group-IB published a new report on the topic, illustrating how a new campaign using the 'Browser-in-the-Browser' method targets Steam users, going after accounts for professional gamers.

These phishing attacks aim to sell access to those accounts, with some prominent Steam accounts valued between $100,000 and $300,000.
In all Browser-in-the-Browser phishing cases, the URL in the phishing window is the legitimate one, as the threat actors are free to display whatever they want since it's not a browser window but merely a render of one.

The same applies to the SSL certificate lock symbol, indicating an HTTPS connection, creating a false sense of security for the victims.

Even worse, the phishing kit allows users to drag the fake window around, minimize it, maximize it, and close it, making it very difficult to spot as a fake browser-in-the-browser window.

As the technique requires JavaScript, blocking JS scripts aggressively would prevent the fake login from being displayed. However, most people do not block scripts as it would break many popular websites.

In general, be very wary of direct messages received on Steam, Discord, or other game-related platforms, and avoid following links sent by users you do not know.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.