CyberNews Briefs

Hackers Steal Steam Credentials With ‘Browser-in-the-Browser’ Technique

Cybersecurity researchers at Group-IB have warned that hackers are targeting the video game platform Steam to target users with a new phishing technique named broswer-in-browser (BitB). Group-IB released new data earlier this week describing the attack, which uses a fake browser window in the same tab rather than traditional techniques of opening phishing webpages in a new tab. For some users, the window opening in a new tab can be a sign that the link is malicious. Data entered by users into the fake pages is immediately sent to threat actors, who then log into the legitimate resource.

Group-IB explained how this campaign is aiming to steal Steam credentials and sell access to the accounts on dark web forums. The phishing technique was first observed in Spring 2022, Group-IB reports. In addition, the phishing campaign is convincing as almost every clickable button on the fake Steam homepage brought users to a data entry form that mimics a legitimate Steam window. Steam users should be wary of this threat and exercise caution when signing in.

Read More: Hackers Steal Steam Credentials With ‘Browser-in-the-Browser’ Technique


OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.