Security News > 2022 > September > Hackers steal Steam accounts in new Browser-in-the-Browser attacks
Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors.
Today, Group-IB published a new report on the topic, illustrating how a new campaign using the 'Browser-in-the-Browser' method targets Steam users, going after accounts for professional gamers.
These phishing attacks aim to sell access to those accounts, with some prominent Steam accounts valued between $100,000 and $300,000.
The new login page window isn't an actual browser window overlaid over the existing website but rather a fake window created within the current page, making it very hard to spot as a phishing attack.
In similar attacks, the threat actors quickly hijack the Steam accounts, changing passwords and email addresses to make it more difficult for the victims to regain control over their accounts.
In all Browser-in-the-Browser phishing cases, the URL in the phishing window is the legitimate one, as the threat actors are free to display whatever they want since it's not a browser window but merely a render of one.
News URL
Related news
- Malicious Browser Extensions are the Next Frontier for Identity Attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- New Apple CPU side-channel attacks steal data from browsers (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- whoAMI attacks give hackers code execution on Amazon EC2 instances (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)