New phishing campaign targets Steam users

Steam is one of the most popular gaming platforms today, and as such its users are frequent victims of complex and dangerous cyberattacks. Such is the case of user Daniel Belverde, also known as “Lord Alfajor”, who recently recounted how his Steam account was the target of a phishing attack that started with a legitimate-looking link.

“The problem started when from a ‘friendly’ account they asked me to vote for a CSGO team,” the user mentioned through his Twitter account (@losalfajores). Belverde didn’t notice anything unusual, since the link came from a known account and led to a website with current security certificates. The site asked him to enter a security code received via Steam Guard, the platform’s authentication service.

As recounted by the victim, Steam Guard sends users a unique code when they try to log in to Steam, in order to verify their identity. This code expires 20 seconds after it has been received.

On the website to which he was redirected (https://authlogcologne), he was asked to enter the Steam Guard code, which allowed the threat actors to access the affected account without attracting the attention of the multi-factor authentication system.

“Once inside my account there is no alarm because they entered legally with the code,” the user mentions. Steam also allows users to be logged in on two devices at once, so everything seemed in order to the platform’s security systems. Although the threat actors were not able to change the password of the compromised account, they were able to extract some items from it. Belverde mentions that he noticed the attack because one of his friends on the platform asked him how it was possible that he was sending messages and playing on Steam at the same time.

Cybersecurity experts report that hackers could continue to use compromised Steam accounts to reach other exposed accounts with a similar tactic. For security, users of any online platform are advised to ignore any links that redirect to websites external to the source platform, in addition to enabling multi-factor authentication whenever possible.
