Security News > 2022 > September > Hackers steal Steam accounts in new Browser-in-the-Browser attacks

Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors.

Today, Group-IB published a new report on the topic, illustrating how a new campaign using the 'Browser-in-the-Browser' method targets Steam users, going after accounts for professional gamers.

These phishing attacks aim to sell access to those accounts, with some prominent Steam accounts valued between $100,000 and $300,000.

The new login page window isn't an actual browser window overlaid over the existing website but rather a fake window created within the current page, making it very hard to spot as a phishing attack.

In similar attacks, the threat actors quickly hijack the Steam accounts, changing passwords and email addresses to make it more difficult for the victims to regain control over their accounts.

In all Browser-in-the-Browser phishing cases, the URL in the phishing window is the legitimate one, as the threat actors are free to display whatever they want since it's not a browser window but merely a render of one.

News URL

https://www.bleepingcomputer.com/news/security/hackers-steal-steam-accounts-in-new-browser-in-the-browser-attacks/