Steam Phishing Campaign Steals Credentials, Hijacks Accounts

A new phishing campaign is doing the rounds on the Steam game distribution platform, attempting to trick people into handing over their credentials via a roulette-style game promising free keys.

The fraudsters funnel the Steam users to the phishing websites with the help of a redirector domain which is hidden behind a URL shortened using t.co, Twitter's link-shortening service.

The phishing sites are promoted on the Steam platform using already hijacked accounts which deliver the shortened URLs to their friend list using the Steam chat.

Phishing message in Steam chat

Fake Steam game keys used as a lure

Once they land on the final phishing domain, victims see what, according to Malwarebytes Labs' research team, "pretends to be a site where one can win free games." Launching the web roulette game on the page lures them with fake Steam game keys.

"The page then shows to the user that they have less than 30 minutes to claim the complete key by logging into their Steam account via the website," state the researchers.

"At the same time, the page also shows that the user would need to wait for 24 hours before they can roll the roulette again and get another free game."

The roulette game lure

After clicking the "Login via Steam" button to claim the "prize," the targets will be sent to a bogus Steam login page in a new tab or a pop-up window that will deliver all entered Steam credentials to the phishing campaign operators.

The crooks will subsequently use the stolen information to hijack the victims' Steam accounts and spread the phishing links to even more targets, who will get their own accounts compromised if they fall for the roulette trick.

Steam continuously targeted by fraudsters

"Links in identical campaigns in the past were not hidden behind a URL shortener. It’s also no surprise that these links kept changing," the researchers note, with several of the phishing domains used during this campaign still being active.

Fake Steam login page

While this latest Steam phishing campaign is definitely not something new [1, 2, 3, 4], it does show that this type of attack is successful enough for crooks to keep starting new ones and upgrade them with new "features."

As Malwarebytes Labs notes, "this latest one has all the telltale signs of previous campaigns: Steam friend sends a message with link out of nowhere, link leads to a fake Steam login page, collected Steam credentials are used to hijack accounts and spam their friends."
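The chain described above (shortened link in chat, redirector, page showing a Steam login form) can be checked mechanically by comparing the final host against the real Steam domains on a dot boundary rather than as a substring. This is an added example, not code from the article or from Malwarebytes Labs; the domain allowlist, the function names and the sample chain on reserved .example hosts are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example: which domains count as real Steam sign-in
# surfaces, and which shorteners to flag (t.co is the one the article names).
STEAM_DOMAINS = ("steampowered.com", "steamcommunity.com")
SHORTENERS = ("t.co",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def extract_links(message):
    """Pull URLs out of a chat message, dropping trailing punctuation."""
    return [u.rstrip(".,!?)") for u in URL_RE.findall(message)]

def host_of(url):
    """Hostname only: lower-cased, no port, no userinfo, no trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def is_under(host, domains):
    """Match the domain itself or a true subdomain, never a substring."""
    return any(host == d or host.endswith("." + d) for d in domains)

def assess_login_chain(chain):
    """Judge a redirect chain whose last hop displays a Steam login form.

    chain: URLs in order, from the link sent in chat to the login page.
    Returns (verdict, final_host, via_shortener).
    """
    final_host = host_of(chain[-1])
    via_shortener = any(is_under(host_of(u), SHORTENERS) for u in chain[:-1])
    verdict = "steam" if is_under(final_host, STEAM_DOMAINS) else "suspect"
    return verdict, final_host, via_shortener

# Constructed sample data (reserved .example names, not real indicators).
MESSAGE = "free game keys, spin here: https://t.co/EXAMPLE1 !"
CHAINS = {
    "https://t.co/EXAMPLE1": [
        "https://t.co/EXAMPLE1",
        "http://redirector.example/go",
        "https://steamcommunity.com.free-keys.example/login",
    ],
}

if __name__ == "__main__":
    for link in extract_links(MESSAGE):
        print(link, assess_login_chain(CHAINS[link]))
```

The redirect chain is supplied by the caller, for instance from an isolated resolver, so the check itself never contacts the linked hosts.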
