A new story from Netcraft reports that fraudulent look-alike domains are being leveraged to trick Steam community members into clicking phishing links and executing code that allows hackers to bypass the service’s strong authentication mechanism.
Per the Netcraft report, “victims are being targeted through Steam’s own chat client, giving fraudsters the opportunity to spear phish accounts which are known to contain valuable tradable items. Since the inception of Steam Trading, it has become easier to monetize stolen accounts by selling the victim’s virtual items to other Steam users.”
The evolution of the hacking technique focuses on bypassing Steam’s proprietary two-factor authentication tool Steam Guard.
Per Steam’s support page, “Steam Guard is an additional level of security that can be applied to your Steam account. The first level of security on your account is your login credentials: your Steam account name and password. With Steam Guard, a second level of security is applied to your account, making it harder for your Steam account to fall into the wrong hands.”
Netcraft notes that the hackers are bypassing Steam Guard via a polished pop-up window that promises an easier means to use the authorization tool if they’d open an executable SteamGuard.exe file. Of course, this is just a well thought out malware mechanism.
Netcraft further states that since May, more than 100 look-alike domains — for example, steamcommunty.com instead of steamcommunity.com — have been registered for the purposes of phishing. Of those, more than a third of the fraudulent sites are hosted in Russia.
Steam, which launched in 2003, is an online service that simplifies the legal digital distribution of video games. Developed by the Valve Corporation, Steam was reported to have 65 million active users in November 2013.