Rogue Chrome extensions, Steals your Steam Inventory

[Ink]

Content source

http://www.theregister.co.uk/2016/01/20/steam_chrome_extension_scam/

Security researcher Bart Blaze warned that supposedly "helpful" Chrome extensions for Counter-Strike: Global Offensive (CS:GO) are actually scamware.

“Instead of being able to change your CS:GO Double theme, your items from your inventory are getting stolen; instead of trading with X or Y person you trust, the items go to the scammer rather than whoever you're trading with,” Blaze warned in a blog post on Tuesday.

The rogue extensions pose as “CS:GO Double Withdraw Helper”, “Csgodouble AutoGambling Bot” among other browser add-on themes. Three of the four rogue extensions were still in the Chrome Web Store on Wednesday morning despite several reports.

El Reg alerted Google through its PR team about this apparent malfeasance. The Steam user named Delta seemingly behind the alleged scam was already banned (again, for at least the second time) even before we fired off an email.

Nonetheless, copycat or follow-up scams are a real possibility so caution is advised. Those hit can remove the dodgy software from their systems by simply removing the dodgy extension(s) from Chrome, a much easier process than would be the case if a trojan software had been installed on a compromised system.
​

Blog Post: Blaze's Security Blog: Chrome extension empties your Steam inventory

Edit /comments as "This is why I do not use Chrome", is a very poor excuse and you most likely lack any judgement when it comes to knowing what to install, and what not..

 

[DracusNarcrym]

A user must always take caution in using 3rd party software, which use a service's API, in order to enhance that service.
The extension, in terms of coding, did not violate or exploit any Steam function.
This is, in fact, as the article suggests, a scam, where users are tricked into installing the potential "helper" extension, which in turn abuses Steam services when it is authorized by users to access Steam functions/services via the Steam API.

Be wary, such kinds of apps are not found only in the Google Chrome app store, but also in Google Play and potentially in Apple's App Store.

A user's best bet is to only use the official Steam client applications for desktop and mobile, and avoid 3rd party software altogether.
Otherwise, users may install software that have a lot of positive feedback many users, so that they can ensure that those applications are legitimate.

 

[jamescv7]

A smart gamer does not use any extension or 3rd party program to play games on Steam, even those transactions are only made from official itself so no scams or issues.

So with that incident, typically its more on the novice user but not engage much on games.