Security News > 2022 > September > Hackers steal Steam accounts in new Browser-in-the-Browser attacks
Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors.
Today, Group-IB published a new report on the topic, illustrating how a new campaign using the 'Browser-in-the-Browser' method targets Steam users, going after accounts for professional gamers.
These phishing attacks aim to sell access to those accounts, with some prominent Steam accounts valued between $100,000 and $300,000.
The new login page window isn't an actual browser window overlaid over the existing website but rather a fake window created within the current page, making it very hard to spot as a phishing attack.
In similar attacks, the threat actors quickly hijack the Steam accounts, changing passwords and email addresses to make it more difficult for the victims to regain control over their accounts.
In all Browser-in-the-Browser phishing cases, the URL in the phishing window is the legitimate one, as the threat actors are free to display whatever they want since it's not a browser window but merely a render of one.
News URL
Related news
- 390,000 WordPress accounts stolen from hackers in supply chain attack (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- Malicious Browser Extensions are the Next Frontier for Identity Attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- New Apple CPU side-channel attacks steal data from browsers (source)