The Steam platform, which has more than 120 million players worldwide, has always been a key target of phishing attacks because of the lucrative trade in virtual items across many of the games on its market. The overseas security organization CERT-GIB recently reported a new phishing technique, “browser-in-the-browser”, which convincingly forges the appearance of a valid SSL certificate in a login window and is used to steal players’ account information. It urged players and Valve to pay special attention.
The “browser within a browser” technique was discovered by security researcher mr.d0x in the spring of 2022. In short, the attackers use a phishing page to create a pop-up account login window that is visually indistinguishable from the real login window, and any account information a player enters through that window is stolen.
According to CERT-GIB’s description, the criminals first set up a number of pages for popular game e-sports events, for titles such as “CS:GO” and “PUBG”. These pages are themselves harmless, but they tempt players to log in and link their Steam or other game accounts, and the login window that pops up after clicking the login button is the attackers’ fake.
Against common traditional phishing attacks, a site is usually judged safe by checking that the URL is correct and that the green lock symbol next to the URL indicates a valid SSL certificate.
However, the “browser-in-the-browser” approach bypasses this check. The page the player lands on at the beginning is legitimate and safe, but the browser window that pops up when the player clicks the link on that page is fake: it is drawn by the page itself, so the attackers can paint a forged address bar and SSL padlock, and the displayed URL shows no visible difference from the real one.
In other words, the browser’s ordinary security indicators protect the outer layer, but the fake pop-up window carries none of that protection. Once players trust the pop-up login window as legitimate and safe and enter their account information, the attack has succeeded. The same technique can be applied to logins on other SNS platforms such as Google, Facebook and Twitter.
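The reason a painted address bar fools a person but not a password manager is that credential release is bound to the origin the browser actually reports for the document, not to whatever text is drawn on screen. The following is an added illustration of that principle (example code written for this article, not code from CERT-GIB, mr.d0x or any password manager); the vault entries, the example origins and the phishing-frame URL are constructed, and a real browser extension would obtain the document URL from the page’s true location rather than from a function argument.

```javascript
// Added example: origin-bound credential release, the principle behind password-manager autofill.
// A browser-in-the-browser window paints a URL and padlock as HTML inside the attacker's page,
// but the document that really contains the login form still has the attacker's origin.
// Comparing the real origin with the origin a credential was saved for ignores the painted text.

// Constructed sample vault: each credential is keyed by the exact origin it was saved on.
const VAULT = [
  { origin: "https://steamcommunity.com", username: "player@example.com" },
  { origin: "https://accounts.google.com", username: "player@example.com" },
];

// Reduce a URL to its origin (scheme + host + port). Returns null for anything that is
// malformed or not HTTPS, which the caller treats as "do not fill".
function originOf(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch (e) {
    return null; // unparseable URL: never release a credential
  }
  if (parsed.protocol !== "https:") return null;
  return parsed.origin;
}

// Decide whether a stored credential may be released to a form.
// realDocumentUrl: the URL the browser reports for the document containing the form.
// paintedUrl: the address the page chooses to display; accepted only to show it plays no role.
function credentialFor(realDocumentUrl, paintedUrl) {
  void paintedUrl; // deliberately unused: what is drawn on screen is not evidence of origin
  const origin = originOf(realDocumentUrl);
  if (origin === null) return null;
  return VAULT.find((c) => c.origin === origin) || null;
}

// Genuine popup: the login form lives in a document on the real origin (constructed path).
console.log(credentialFor("https://steamcommunity.com/openid/login", "https://steamcommunity.com"));

// Browser-in-the-browser: the form lives in a frame on the attacker's site (constructed host),
// even though the fake chrome paints the real address. No credential is released.
console.log(credentialFor("https://csgo-tournament.example/login-frame.html",
                          "https://steamcommunity.com/openid/login"));

// Look-alike host: a different origin, so again nothing is released.
console.log(credentialFor("https://steamcommunity.com.evil.example/login", "https://steamcommunity.com"));
```

The human-side equivalent of this check is that a genuine pop-up is a separate operating-system window and can be dragged outside the edges of the browser window that opened it, whereas a browser-in-the-browser window is part of the page and cannot leave it.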
CERT-GIB revealed that links to these scam pages are often spread through other SNS platforms: a player may click a short URL on a YouTube channel and then be lured by the event page into logging in to their game account. In any case, do not click links from sources you do not trust, and carefully filter SNS notification messages and emails, to avoid falling into the trap of this new kind of phishing attack.