New hacking campaign targeting Steam users

Updated: Sep 23

A short while ago, Group-IB published a statement reporting that hackers were launching attacks to steal Steam credentials using a new and increasingly popular Browser-in-the-Browser phishing technique.

This technique creates fake browser windows in active windows. Victims are lured by direct messages on Steam inviting them to join a team for certain tournaments (LoL, CS, Dota 2...). The shared links take the targets to a phishing site that appears to be an organization that sponsors and hosts e-sport competitions. To join a team, players must log in with their Steam account and therefore fill in personal information then stolen.

Group-IB claims that the phishing kit used to attack Steam accounts is not spread on hacking forums or dark web markets. It is only used privately by hackers who exchange on Discord or Telegram to coordinate.

Recent Posts

See All

On August 21st, the Hospital Center in Corbeil-Essonne was attacked by a group of hackers believed to be LockBit 3.0. The attack affected business software, storage systems and the patient admissions

On July 4th, La Poste was the victim of a large-scale hack via its mobile app. The data from tens of thousands of users (name, address, phone number, email and banking information for some) were stole

A NPM supply-chain attack dating back from December 2021 used dozens of malicious NPM modules containing obfuscated Javascript code to compromise hundreds of apps and websites. The attackers are known

Malizen cybersecurity operations france

Follow our adventures !

  • Discorde
  • Gazouillement
  • Linkedin

Subscribe to our newsletter

Be notified every time we have news!

Thanks for subscribing !

By subscribing, I agree to the Terms of Use and Privacy Policy.