Posted on September 15, 2022 at 10:10 PM
Hackers have been targeting Steam credentials in a new phishing campaign. The campaign dubbed “Browser-in-the-Browser) the technique has been deployed during the campaign, according to a report by security researchers at Group-IB.
Hackers use the BitB technique for a new phishing campaign
There are notable differences between this phishing technique and the others used in the past. In the traditional phishing campaign, phishing webpages were opened in a new tab, and users were redirected to them.
However, with BitB, hackers are taking extra measures to guarantee that internet users will not realize that the resource is not legitimate. It does this by opening a fake browser window within the same tab to avoid suspicion.
When a user inputs their data on the malicious form, it is sent to the hackers before entering into the legitimate resource. The hackers are also aggressive in extracting user data because if the data provided is not correct, the user will see an error message that will prompt the user to provide accurate details.
Two-factor authentication will not prevent the hacker from accessing a user’s detail. When 2F has been enabled, the resource will run a code request. The code will be created through a separate program that will send a push notification to the user’s device. The nature of this attack strategy shows the hacker’s persistence and the extent they will go to make the resource appear legitimate.
The technical report published by Group-IB also describes how the Browser-in-the-Browser campaign is targeting Steam credentials. After these credentials were accessed, they were sold to other malicious actors who wanted access to these accounts.
Part of the advisory said that this attack was first detected in Spring 2022. The advisory has also said that the threat actors were taking advantage of how the Steam platform operated. Steam uses a pop-up window, which is a feature that the hackers are manipulating. The pop-up window is used for user authentication instead of opening a new window tab.
The advisory has also said that the threat actors sent messages to victims that contained different enticing offers. These offers were created to lure the users to the webpage that has a login button.
The report by Group-IB has also said that the web pages contain many buttons that will bait the user. Once either of these buttons is pressed, it will open an account data entry fork that looks like a legitimate Steam window. This is done to ensure that the user cannot distinguish genuine pages from those that are not genuine.
The bait pop-up window comes with a fake green lock sign, a fake URL link that can be copied, and an additional Steam Guard window that provides two-factor authentication. Group-IB also added that what was contained within the BitB phishing pages was entirely copied from the original pages. In most instances, the content on the phishing page also comprised an alert about data being saved through a third-party resource.
Additionally, the phishing pages contained all the buttons that were disabled except for the login confirmation and the option to switch languages. All the 27 interface languages also operated fully, with the selection being the same as the one used on the legitimate page.
Some of the Steam accounts affected by the phishing accounts contained large amounts of money. The report said that some were valued at $100,000 to $300,000. The high valuation of these accounts shows the damage caused by the threat actors.
Recommendations for companies to protect themselves
In the report, Group-IB also provides tips and recommendations that companies could use to protect themselves from such attacks in the future. Group-IB has provided ways that companies can detect fake browser windows. This includes comparing the design of the header and the address bar appearing on the pop-up window.
Users can also attempt to resize the windows to detect if they are fake or genuine. Fake windows cannot be resized. Users should also check the functionality of the address bar.
The research conducted by Group-IB primarily focused on BitB phishing campaigns. The research comes amid a notable increase in cybersecurity attacks in the gaming sector. For example, a report released in August by the Akamai cybersecurity company suggested that cybersecurity attacks within the blockchain gaming sector were rising. The attacks on the sector had risen by 167% within the past year.0