{"id":6744,"date":"2022-09-13T06:18:05","date_gmt":"2022-09-13T06:18:05","guid":{"rendered":"https:\/\/blog.bwgamespot.com\/index.php\/2022\/09\/13\/a-new-browser-in-the-browser-attack-threatens-steam-users\/"},"modified":"2022-09-13T06:18:05","modified_gmt":"2022-09-13T06:18:05","slug":"a-new-browser-in-the-browser-attack-threatens-steam-users","status":"publish","type":"post","link":"https:\/\/blog.bwgamespot.com\/index.php\/2022\/09\/13\/a-new-browser-in-the-browser-attack-threatens-steam-users\/","title":{"rendered":"A new browser-in-the-browser attack threatens Steam users"},"content":{"rendered":"<p>Those dodgy hackers are at it again, and this is one that gamers in particular need to keep an eye out for as it targets Steam users.<\/p>\n<p><a href=\"https:\/\/blog.group-ib.com\/steam\" target=\"_blank\" rel=\"noopener\">Group-IB<\/a> (via <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-steal-steam-accounts-in-new-browser-in-the-browser-attacks\/\" target=\"_blank\" rel=\"noopener\">Bleeping Computer<\/a>) is reporting that a sophisticated Browser-in-the-Browser phishing technique is snaring Steam users. In particular, competitive and professional gamers are being targeted with fake direct messages on Steam, inviting them to join tournaments. The user will then navigate to a slick looking game tournament platform where they are asked to log in using their Steam credentials and a 2FA code.<\/p>\n<p>Once that\u2019s done, the hackers will have access to the users account, being able to change the login credentials, making recovery difficult. By the time you regain access, your virtual goods such as skins will probably be gone, your credit card info could be compromised or the hacker may use your friends list for further targeting.<\/p>\n<p>By baiting users with tournament play, this is an attack that is apparently aimed at competitive and professional gamers. These accounts are the ones that are more likely to have expensive virtual goods, with Group-IB claiming that some accounts are worth hundreds of thousands of dollars.<\/p>\n<p>This kind of phishing attack is especially devious since it is a mimicking render of a real browser pop up window. For all intents and purposes, an unsuspecting user would believe they are using a real site, complete with a security certificate, multiple languages and a professional design. The fake window can be maximized, minimized, and moved around to give it a more legitimate look.\u00a0<\/p>\n<div class=\"image-full-width-wrapper\">\n<div class=\"image-widthsetter\">\n<p class=\"vanilla-image-block\">\n<\/p><\/div>\n<\/div>\n<p><span class=\"credit\">(Image credit: Group-IB)<\/span><\/p>\n<p>As the attack uses JavaScript, a script blocking extension will offer some protection by preventing the malicious code from running. As someone that has fallen victim to a browser phishing attack in years past, I use a <a href=\"https:\/\/chrome.google.com\/webstore\/detail\/noscript\/doojmbjmlfjjnbmnoijecmcbfeoakpjm\" target=\"_blank\" rel=\"noopener\">script blocking extension<\/a>. It can be a pain when navigating to new sites but in the years since installing, I cannot imagine not using it.<\/p>\n<p>The general rules of the internet remain. If something appears too good to be true, it probably is. Don\u2019t click on links from sources you don\u2019t trust and carefully filter or ignore unknown direct messages and emails. Whether its cryptocurrency, NFT\u2019s or CS:GO skins, if something has a dollar value attached to it, dodgy scumbags will try to steal them from you. Stay safe out there!<\/p>","protected":false},"excerpt":{"rendered":"<p>[#item_image]A new browser-in-the-browser attack threatens Steam users<!-- wp:html --><\/p>\n<p>Those dodgy hackers are at it again, and this is one that gamers in particular need to keep an eye out for as it targets Steam users.<\/p>\n<p><a href=\"https:\/\/blog.group-ib.com\/steam\" target=\"_blank\" rel=\"noopener\">Group-IB<\/a> (via <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-steal-steam-accounts-in-new-browser-in-the-browser-attacks\/\" target=\"_blank\" rel=\"noopener\">Bleeping Computer<\/a>) is reporting that a sophisticated Browser-in-the-Browser phishing technique is snaring Steam users. In particular, competitive and professional gamers are being targeted with fake direct messages on Steam, inviting them to join tournaments. The user will then navigate to a slick looking game tournament platform where they are asked to log in using their Steam credentials and a 2FA code.<\/p>\n<p>Once that\u2019s done, the hackers will have access to the users account, being able to change the login credentials, making recovery difficult. By the time you regain access, your virtual goods such as skins will probably be gone, your credit card info could be compromised or the hacker may use your friends list for further targeting.<\/p>\n<p>By baiting users with tournament play, this is an attack that is apparently aimed at competitive and professional gamers. These accounts are the ones that are more likely to have expensive virtual goods, with Group-IB claiming that some accounts are worth hundreds of thousands of dollars.<\/p>\n<p>This kind of phishing attack is especially devious since it is a mimicking render of a real browser pop up window. For all intents and purposes, an unsuspecting user would believe they are using a real site, complete with a security certificate, multiple languages and a professional design. The fake window can be maximized, minimized, and moved around to give it a more legitimate look.\u00a0<\/p>\n<div class=\"image-full-width-wrapper\">\n<div class=\"image-widthsetter\">\n<p class=\"vanilla-image-block\">\n<\/div>\n<\/div>\n<p><span class=\"credit\">(Image credit: Group-IB)<\/span><\/p>\n<p>As the attack uses JavaScript, a script blocking extension will offer some protection by preventing the malicious code from running. As someone that has fallen victim to a browser phishing attack in years past, I use a <a href=\"https:\/\/chrome.google.com\/webstore\/detail\/noscript\/doojmbjmlfjjnbmnoijecmcbfeoakpjm\" target=\"_blank\" rel=\"noopener\">script blocking extension<\/a>. It can be a pain when navigating to new sites but in the years since installing, I cannot imagine not using it.<\/p>\n<p>The general rules of the internet remain. If something appears too good to be true, it probably is. Don\u2019t click on links from sources you don\u2019t trust and carefully filter or ignore unknown direct messages and emails. Whether its cryptocurrency, NFT\u2019s or CS:GO skins, if something has a dollar value attached to it, dodgy scumbags will try to steal them from you. Stay safe out there!<\/p>\n<p><!-- \/wp:html --><\/p>\n","protected":false},"author":0,"featured_media":6745,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[20],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.bwgamespot.com\/index.php\/wp-json\/wp\/v2\/posts\/6744"}],"collection":[{"href":"https:\/\/blog.bwgamespot.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.bwgamespot.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.bwgamespot.com\/index.php\/wp-json\/wp\/v2\/comments?post=6744"}],"version-history":[{"count":0,"href":"https:\/\/blog.bwgamespot.com\/index.php\/wp-json\/wp\/v2\/posts\/6744\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.bwgamespot.com\/index.php\/wp-json\/wp\/v2\/media\/6745"}],"wp:attachment":[{"href":"https:\/\/blog.bwgamespot.com\/index.php\/wp-json\/wp\/v2\/media?parent=6744"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.bwgamespot.com\/index.php\/wp-json\/wp\/v2\/categories?post=6744"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.bwgamespot.com\/index.php\/wp-json\/wp\/v2\/tags?post=6744"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}