Hackers targeting Steam credential with new phishing technique
Group-IB found that hackers steal Steam credentials with a new phishing technique called ‘Browser-in-the-Browser’ (BitB). Hackers would send victims a bait webpage with a login button which, when opened, asked victims to fill out an account data entry form. Group-IB made several recommendations to detect such threats.
Researchers from Group-IB have found that hackers are stealing Steam credentials with a new phishing technique called ‘Browser-in-the-Browser’ (BitB). Essentially, this technique copies authentic pages and opens a fake browser window within an existing tab. According to researchers, hackers would send victims a bait webpage with a login button which, when opened, asked victims to fill out an account data entry form. Group-IB made several recommendations to users such as checking whether a new window opened in the taskbar, checking the functionality of the address bar, and paying attention to the fonts and design of the control buttons.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.