Hackers Steal Steam Credentials With ‘Browser-in-the-Browser’ Technique
Cybersecurity researchers at Group-IB have warned that hackers are targeting the video game platform Steam to target users with a new phishing technique named broswer-in-browser (BitB). Group-IB released new data earlier this week describing the attack, which uses a fake browser window in the same tab rather than traditional techniques of opening phishing webpages in a new tab. For some users, the window opening in a new tab can be a sign that the link is malicious. Data entered by users into the fake pages is immediately sent to threat actors, who then log into the legitimate resource.
Group-IB explained how this campaign is aiming to steal Steam credentials and sell access to the accounts on dark web forums. The phishing technique was first observed in Spring 2022, Group-IB reports. In addition, the phishing campaign is convincing as almost every clickable button on the fake Steam homepage brought users to a data entry form that mimics a legitimate Steam window. Steam users should be wary of this threat and exercise caution when signing in.