top of page
logo malizen cybersecurité

New hacking campaign targeting Steam users

Updated: Aug 22, 2023

A short while ago, Group-IB published a statement reporting that hackers were launching attacks to steal Steam credentials using a new and increasingly popular Browser-in-the-Browser phishing technique.

This technique creates fake browser windows in active windows. Victims are lured by direct messages on Steam inviting them to join a team for certain tournaments (LoL, CS, Dota 2...). The shared links take the targets to a phishing site that appears to be an organization that sponsors and hosts e-sport competitions. To join a team, players must log in with their Steam account and therefore fill in personal information then stolen.

Group-IB claims that the phishing kit used to attack Steam accounts is not spread on hacking forums or dark web markets. It is only used privately by hackers who exchange on Discord or Telegram to coordinate.


logo Malizen

Follow our adventures !

  • Discorde
  • X
  • LinkedIn

Subscribe to our newsletter

Be notified every time we have news !

Thanks for subscribing !

By subscribing, I agree to the General Terms of Use and Privacy Policy.

bottom of page