A new phishing scam attempts to steal Steam login details and is specifically targeted at Counter-Strike 2 players. The BitB (browser-in-the-browser) attack presents users with a pop up promising free CS2 cases, seemingly with the endorsement of prominent Counter-Strike 2 team Natus Vincere (best known as Navi). The contents of the cases are revealed to the user, who is told that, in order to claim them, they must input their Steam details. Cyber security firm Silent Push, which discovered, investigated, and has now shared a report on the scam, says that these login details may then be sold on auction websites where buyers can bid on Steam accounts.
Counter-Strike 2 players should be aware of a pop up called ‘Navi Roulette,’ which presents an image of the eponymous esports team alongside a prompt to open a free CS2 case. If you click the prompt, the pop up will show you a skin that you have ostensibly ‘won,’ and tell you that in order to claim it and use it in the FPS game, you need to click a second link and enter your Steam login details.
As detailed by Silent Push, the cyber security company which discovered the scam, the pop up may trick users because it redirects to what appears to be the actual Steam login page, complete with a legitimate-looking URL. However, Silent Push notes that this second browser window, which displays Steam’s login gateway, lacks basic functionality. It cannot be minimized or maximized, or moved around using the cursor, a common signal that a browser window is illegitimate and likely part of a phishing attack.
Silent Push explains that the attack is likely an attempt to steal victims’ Steam login details, with the perpetrator(s) of the scam seemingly intent on reselling those details on auction sites. The cyber security firm points to one such site as an example, where a Steam account containing 2,100 games and 2,000 DLC items is up for sale for $30,000.

“This sophisticated campaign primarily targets Counter-Strike 2 players while abusing the brand and identities of the pro esports team Navi,” Silent Push says. “Our threat analyst team is making some of the technical fingerprints we’ve observed this threat actor using public to provide education on the issue, increase awareness, and enable external researchers to track the threat actor’s sites.”