Accounts and in-game payment information was recently targeted by a trojan called BloodyStealer and last summer, a bug in Steam’s code let gamers trick the platform’s Smart2Pay system to fill their digital wallets with unlimited funds. Steam has been abused in the past as well. A report from Sophos last summer showed malware on Discord is up 140 percent over 2020. Gaming Security WoesĪttacks on the gaming industry skyrocketed during the first year of the pandemic, with attacks on web applications shooting up 340 percent in 2020, according to Akamai.ĭiscord, which is popular for hosting gaming servers, has been grappling with a malware problem for many months. from Kaspersky Labs - so it’s no wonder that they’ve become common targets for phishing, malware and more. Stolen gamer accounts can fetch around $14 per 1,000 accounts in underground criminal forums, according to a report from Sept. “Behind the scenes, though, their Steam credentials have already been stored into the scam website.” “When Discord users key in their Steam credentials in the fake pop-up, it will show them the error message saying, ‘The account name or password that you have entered is incorrect,'” the report said.
The gambit is intended to fool users into thinking they’re being taken to the Steam platform to enter in their login information - supposedly to fulfil the request to “link” the Steam account with Discord for the free Nitro subscription. Fake Pop-Up AdsĪs Malwarebytes Labs explained in the report, once a victim clicks on the button, the site appears to serve a Steam pop-up ad, but researchers explained the ad is still part of the same malicious site. The button initiates a fake pop-up window that appears to send targets off to Steam - but in fact, it keeps them on the same malicious page. There are several malicious domains associated with the spoofed page, analysts noted: The malicious link takes users to a spoofed Discord page with a button that reads, “Get Nitro.” “Just link your Steam account and enjoy,” the message says, and it includes a link purportedly to do just that.
0 kommentar(er)
