Summary: A new phishing campaign targeting online gamers, especially Counter-Strike 2 players, employs sophisticated “browser-in-the-browser” (BitB) techniques to steal Steam accounts. Cybercriminals create convincing fake browser pop-up windows that mimic real login pages to trick victims into revealing their login credentials. The campaign also leverages the name of a professional eSports team, Navi, and promotes these scams through platforms like YouTube.
Affected: Online gamers, specifically players of Counter-Strike 2 and Steam users.
Keypoints :
- Phishing attacks use fake browser pop-ups to appear legitimate, targeting Steam accounts.
- The campaign demonstrates sophisticated tactics, including referencing professional eSports teams like Navi.
- Users can identify fake pop-ups by attempting to move the window outside the browser or checking the behavior of pop-up windows.