
Fake Browser Pop-Up Window | Image: Silent Push
A new phishing campaign employing sophisticated “browser-in-the-browser” (BitB) techniques has been uncovered by Silent Push Threat Analysts, revealing a crafty method cybercriminals are using to target online gamers.
These attacks use fake, yet highly convincing, browser pop-up windows designed to trick victims into divulging their login credentials. The primary target of this campaign is players of the popular game Counter-Strike 2, with the attackers aiming to steal Steam accounts. The stolen accounts are likely intended for resale on online marketplaces.
The threat actors are using deceptive tactics to lure their victims. The report states that the campaign’s attack strategy involves “abusing the names of a professional eSports team called Navi.” By creating fake browser pop-up windows that prominently display the real website’s URL, the attackers aim to create a false sense of security, making victims believe the pop-ups are legitimate.
The report highlights the global nature of these attacks, noting that while most of the websites were in English, one Chinese site was found using Mandarin with some English words.
The Silent Push report delves into the mechanics of the browser-in-the-browser attack, explaining that it’s a phishing technique where threat actors “emulate trusted services with fake pop-up windows that resemble the actual login pages.” Although the concept of BitB attacks has been discussed in theoretical contexts, the report emphasizes that it is relatively rare to observe threat actors actively deploying this technique.
The attackers are creating phishing kits that target Steam, Counter-Strike 2, and the Navi esports team, indicating a level of research into gaming communities.
The cybercriminals are not only using sophisticated attack methods but also actively promoting their schemes. The report points out that the threat actors are spreading their phishing efforts on platforms like YouTube. In one instance, a YouTube post promoting a scam domain received over 600 likes, suggesting the engagement may have been purchased to further deceive victims.
The report clarifies the motivation behind targeting Steam accounts, explaining that accounts with a substantial number of games can be sold for significant amounts of money, “sometimes for tens of thousands of dollars.” The report also provides examples of websites where these illicitly obtained Steam accounts are sold.
The Silent Push report provides valuable insights into how to detect and avoid falling victim to these BitB attacks. It emphasizes that these attacks are most effective against desktop users, as the fake pop-ups are designed for larger resolutions.
A key method for identifying these fake pop-ups is to check if the window can be moved outside the browser. “Legitimate windows, including pop-ups, can be maximized, minimized, and moved outside the browser window. However, fake pop-ups…cannot be maximized, minimized, or moved outside the browser window.” The report advises users to be wary of login pop-ups with URL bars and to attempt to drag the window outside the browser to verify its authenticity.
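The drag test works because a real pop-up's address bar is drawn by the browser, not by the page. As an added example (not from the Silent Push report), the JavaScript below triages saved HTML for the inverse signal: URL text for a foreign host rendered in the page body beside a login form or iframe. The function names, the `.example` hosts and the sample markup are constructed, and it assumes the fake bar prints the URL with its scheme.

```javascript
// Added example: triage saved HTML for browser-in-the-browser (BitB) lures.
// A real pop-up's address bar is browser chrome and never appears in page
// markup, so URL text for a foreign host rendered in the page body beside a
// login form or iframe deserves review. Assumption: the fake bar prints the
// URL with its scheme; scheme-less text is not covered.
const URL_TEXT = /https?:\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;

// Keep only text a user would see: drop scripts, styles, then all tags
// (which also discards href/src attribute values).
function visibleText(html) {
  return html
    .replace(/<(script|style)\b[\s\S]*?<\/\1>/gi, " ")
    .replace(/<[^>]+>/g, " ");
}

function findBitbSignals(html, servedFromHost) {
  const served = servedFromHost.toLowerCase();
  const displayedHosts = new Set();
  for (const m of visibleText(html).matchAll(URL_TEXT)) {
    const host = m[1].toLowerCase();
    // Same host or a subdomain of the serving site is expected, not a signal.
    if (host !== served && !host.endsWith("." + served)) displayedHosts.add(host);
  }
  const hasLoginSurface =
    /<input\b[^>]*type\s*=\s*["']?password/i.test(html) || /<iframe\b/i.test(html);
  return {
    displayedHosts: [...displayedHosts],
    hasLoginSurface,
    suspicious: displayedHosts.size > 0 && hasLoginSurface,
  };
}

// Constructed samples (hypothetical .example hosts, minimal markup).
const lureHtml = `
<div class="window">
  <div class="addressbar">https://accounts.game-store.example/login</div>
  <iframe src="/form.html"></iframe>
</div>`;
const benignHtml = `
<p>Sign in at https://accounts.game-store.example/login</p>
<a href="https://other.example/help">Help</a>
<form><input type="password" name="pw"></form>`;

console.log(findBitbSignals(lureHtml, "free-items.example"));
console.log(findBitbSignals(benignHtml, "game-store.example"));
```

Treat a hit as a prompt for manual review: a page that quotes an external link and embeds any iframe will also match.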
In the event of falling victim to a BitB attack, the report recommends immediately changing the credentials associated with the compromised account.