Summary: A phishing campaign targeting Counter-Strike 2 players has emerged, utilizing Browser-in-the-Browser (BitB) attacks to create a fake Steam login interface. Attackers impersonate a well-known e-sports team to lend credibility to their scams, which aim to steal users’ Steam account credentials. The campaign promotes malicious sites that offer enticing in-game items in exchange for login information, potentially resulting in stolen accounts being sold on the grey market.
Affected: Counter-Strike 2 players, Steam accounts
Keypoints :
- Phishing campaign leverages the BitB technique, creating realistic fake popups for credential theft.
- Malicious websites promise free CS2 loot, prompting users to log in via fake Steam popups.
- Stolen accounts can be resold for significant amounts based on their in-game items and history.