Hackers are stealing Steam accounts through a new type of phishing attack that has been discovered by cybersecurity experts at Group-IB.
Group-IB’s report highlights a hacker group that has been using an elusive phishing kit to steal Steam accounts from gamers. The hackers lure people into giving away their Steam credentials, which are then sold on the black market. Some high-profile accounts were reportedly sold for over $100,000 – $300,000.
How They Do It
The hacker group mostly operates on Discord or Telegram and uses a phishing kit capable of “browser-in-browser” attacks, something that is not widely used in the cybercrime community. The hackers reach out to pro gamers and invite them to tournaments for popular games such as CS:GO, Overwatch, Dota 2, PUBG, and others.
The invite includes a malicious link that takes the victims to a tournament website that looks like it has been sponsored by a legitimate organization. To sign up for the tournament, the website asks you to enter your Steam credentials into a pop-up window, except it isn’t a browser pop-up at all. It is an entirely fake window, drawn inside the page itself, that steals the victim’s login details, including a 2FA code.
If you enter the wrong code, an error message will show up on the website, but if you enter the right details, you will be taken to a legitimate website, which makes it all seem real. The worst part is that it is extremely difficult for the victim to spot that they’re being hacked, since the link shown in the fake window’s address bar will look legitimate.