Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Steam. Show all posts
Steam
Cyber Attacks Gaming Internet Online Gaming Phishing Attack Steam

Hackers Target 'Counter Strike-2' Players Via Fake Steam Login Pop-ups

Hackers Target 'Counter Strike-2' Players Via Fake Steam Login Pop-ups

Browser-in-the-browser attacks are simple yet sophisticated phishing scams. Hackers emulate trusted services via fake pop-up windows that look like the actual (real) login pages. While there have been a lot of reports describing browser-in-the-browser tactics, it is very difficult to actually catch a hacker deploying this campaign.

Fake Steam pages used to target gamers

Cybercriminals are targeting Counter-Strike 2 (a free-to-play tactical first-person shooter game) players using a disguised Steam login page that looks quite convincing. The fake page tricks innocent gamers into giving away their account IDs and passwords.

The hackers distributed the attack on the websites that pretended to represent the sports team Navi. “Part of the campaign’s attack tactics also includes abusing the name of a professional esports team called Navi,” reports cybersecurity vendor Silent Push. The hackers offered visitors free weapons skins or a “free case” that could be used in the game. To get these freebies, the phishing page demanded users to log in to Steam. 

“All of the websites our team has found so far were in English save one Chinese site, simplegive[.]cn, which was created in Mandarin, with some English wording, and used the top-level domain (TLD) '.cn,” reports Silent Push.

Campaign explained

The campaign, an example of browser-in-the-browser tactic, is built around creating an almost real-looking fake browser pop-up windows that display the URL of the actual website. It aims to make a visitor feel safe; the users believe the pop-up window is part of the real site. When a victim tries to log into the fake Steam portal, the hackers steal their login credentials and also try to take over victim accounts for future resale. After this, the site shows a fake pop-up page that mimics the Steam login portal, including the official “steamcommunity.com” domain in the web address. But the pop-up is a dummy window inside the phishing webpage; Silent Push has shown this in its video.

More about fake pop-up and how to identify it

According to Silent Push, the fake pop-up to the Steam login “cannot be maximized, minimized, or moved outside the browser window even though victims can ‘interact’ with the URL bar of the fake pop-up.” Silent Push also said that the campaign can be more effective for desktop users because the pop-ups are designed to be viewed on a larger resolution, in this case, big screens. All the fake Navi websites discovered were in English, except one Chinese site, which was in Mandarin with few English words. 

The fake websites were hosted on domains like casenaps[.]com, caserevs[.]com, and caseneiv[.]com. However, it doesn’t seem likely that the hackers took the time to make fake pop-ups for mobile phone viewing. To stay safe, users should always check for fake URL bars in any login pop-ups. If you find any URL bar, always drag that window outside of your browser. If it doesn’t move, you can tell the pop-up is fake.

Read more »
Steam
Cyber Fraud PC Games Phishing Attacks Scam Steam

Users Warned About the Steam Scam Prevailing in the Wild

 

Another new internet fraud is circulating that may result in PC gamers losing access to their Steam accounts or perhaps getting their systems infected with a virus. 

Valve's Steam is a video game digital distribution service. In September 2003, it was released as a separate software client as a mechanism for Valve to give automatic updates for their games, and it was eventually expanded to also include titles from third-party publishers. 

If one has ever played a multiplayer online game, then they must be probably familiar with skins. Skins are decorative overlays for in-game goods that are widely traded in. These are, however, available to buy for either virtual or real money. 

Malwarebytes has issued a warning about a potential skins fraud that might result in users losing access to their accounts and their vast library of video games. As per a recent blog post from Malwarebytes Labs, one of the earliest frauds is skin phishing, wherein a scammer creates a false marketplace, a replica of a genuine game-themed lounge, or even a fake user's trade inventory page to breach an account. 

The fact that this strategy may be performed out in a very short period makes it highly risky. A scammer will commence by sending out a message with a malicious link to potential suspects on Steam or Discord. The messages are like this;

“Yo, I don’t know you, unfortunately, but this is for you, I do not need that knife [link]” 

“I haven’t met you, unfortunately (or not lol), but take it, I dont don’t need that skin [link]” 

After a user's Steam account has been compromised, they must contact the Steam assistance team to try to restore it, but by then, the fraudster has most likely altered their password as well as other login details. To make the matter worse, they might attempt identity theft by signing into a victim's additional online accounts with their Steam credentials. 

Malwarebytes suggests that Steam users must set two-factor authentication (2FA) for their accounts as well as avoid clicking on any URLs from unfamiliar persons in-game or online to safeguard themselves from this and other similar scams.
Read more »
Subscribe to: Posts (Atom)