This phishing kit was first discovered and shared by a researcherMr.d0xin March 2022.
How Does The Scheme Work?
Almost any button on bait webpages opens an account data entry form mimicking a legitimate Steam window.
If the data is incorrect, victims see an issue notification.
Further, if the victim has enabled two-factor authentication (2FA), the resource returns a code request.
The code is created using a separate tool, which sends a push notification to the users unit.
By now, the threat actors would have already received the victims stolen credentials.
Unlike phishing-as-a-service schemes, which usually involve developing phishing kits for sale, Steam phishing kits are kept secret.
How To Identify A Fake net internet ride WindowBrowser-In-The-net internet ride Attack?
The company has yet to comment on the discovery made by Group-IB.
source: www.techworm.net
