"Hackers Using New Browser-in-the-Browser Exploits For Stealing Steam Accounts"
Hackers are using a phishing method called Browser-in-the-Browser (BITB) to obtain Steam user credentials. The BITB attack involves the creation of false browser windows inside the open window, which are then disguised as sign-in pop-up pages for specific login services. In March 2022, the capabilities of a new phishing kit developed by the security researcher mr.d0x were revealed. Using this phishing kit, threat actors can create bogus login pages for Google, Microsoft, Steam, and other services. Group-IB recently demonstrated how a new campaign employing the BITB strategy targeted Steam users, specifically professional gamer accounts. Some popular Steam accounts are worth $100,000 to $300,000, and these phishing campaigns attempt to sell access to those accounts. The phishing kit used in the Steam campaign is not easily accessible on hacker forums or dark web marketplaces. Instead, it is used by hackers who secretly collaborate on Telegram or Discord channels to plan their attacks. Potential victims receive direct messages on Steam encouraging them to join a team for LoL, CS, Dota 2, or PUBG competitions. Through the links sent by the phishing actors, the targets will arrive at a phishing site for what appears to be an entity supporting and staging esports competitions. Visitors must sign in with their Steam accounts to join a team and compete. The new login page window is a false window created within the current page, making it difficult to identify as a phishing operation. It is not a genuine browser window that has been layered on top of the original website. The landing pages even support 27 different languages, detecting and loading the victim's preferred language based on browser settings. This article continues to discuss the performance of BITB attacks to steal Steam accounts.