Steam Gaming Phish Showcases Browser-in-Browser Threat

Attackers have been targeting users of the popular Steam online gaming platform by using an emerging phishing tactic that deploys authentic-looking fake browser windows to steal credentials and take over accounts. The widespread campaign is a signal to businesses that the novel technique should be on security radars going forward.

Dubbed "browser-in-the-browser," the savvy phishing approach was first spotted about seven months ago by a researcher who goes by the name "mr.d0x."


The technique involves opening a pop-up window or a new tab that looks like any other browser window. However, this window is actually a phishing page that steals credentials, in this case allowing attackers to defraud gamers on Steam (which has more than 120 million users) of potentially thousands of dollars, according to researchers at Group-IB.


Browser-in-Browser: A New Threat


While targeting Steam users is not a new tactic, using a browser-in-the-browser method is — and it's why this recent campaign is having success where others did not, Group-IB's Ivan Lebedev, head of CERT-GIB anti-phishing and global cooperation group, and Dmitry Eroshev, CERT-GIB analyst, wrote in a recent blog post.

"Fraudsters have been creating hundreds of phishing resources masquerading as Steam for more than 20 years, but most of these websites looked half-baked and users easily spotted a fake," they wrote.


Indeed, phishing has been around so long most people browsin ..
