Compromised Steam accounts sold online for about $100K

September 13, 2022
Compromised Accounts Steam Gaming Sold Dark Web Hacking Forum Browser in the Browser BitB Phishing

Steam users are not safe against another form of cyberattack, the Browser-in-the-Browser (BitB) method, which goes after professional gaming accounts to be hacked and sold access online. Based on reports, compromised Steam accounts could be sold to other hackers in underground marketplaces for around $100,000 to $300,000.

The campaign involves a certain phishing kit that is not widely available in dark web forums and markets since its operators were privately utilising it on exclusive Telegram and Discord channels.

In this campaign, the threat operators send the targeted Steam users direct messages containing invite links to join a team for various online video games, such as PUBG, League of Legends, or Counter-Strike. Upon clicking the link, a phishing website will open, engineered by the hackers to look like a page for hosting e-sports competitions or gaming sponsorships.

If the victim gets interested in the offer of joining a team or playing in an e-sport competition, they would have to enter their Steam account credentials in a form. This form is an overlay of a login page created by hackers. The details are sent on their remote server, allowing them to easily harvest the entered credentials and hack into the victim’s account.

 

Once compromised, the Steam accounts are usually unrecoverable, considering that the hackers are quick to change the email addresses and passwords of the stolen accounts.

 

The Browser-in-the-Browser (BitB) attacks could often be an effective phishing technique for many hackers. This method allows them to display or overlay a malicious page on top of a legitimate website to trick the victims and steal their details.

Additionally, this attack would display the SSL certificate lock symbol on the URL to indicate a secured connection, sometimes enough to convince a victim that their browsing session is safe. Included also in the phishing kit is the feature that allows victims to drag, minimise, maximise, or move around the window or the browsing tab.

Cybersecurity experts note that blocking JavaScript may help users prevent displaying fake web pages or login forms, especially since BitB attacks require this script to work. Though the catch is that many popular websites also require JS script to be operable; thus, most people do not block them.

The easiest way to evade this campaign’s threat is to ignore suspicious messages from unknown entities. Securing your accounts with multi-factor authentication is also effective in adding more defences against hackers.

About the author

Leave a Reply