Steam Account Users Getting Hacked via Fake Steam Guard File and Steals Username and Password
By Ryan Inoyori | June 26, 2014 2:23 PM EST
New phishing scheme on Valve's Steam is now attempting a brand new trick for users to download malicious software which bypasses the security measure implemented by Steam Guard that all players should know about.
New Phishing Scheme against Steam
A new phishing scheme is now challenging Valve's security measure called Steam Guard system on Valve's Steam account by tricking users to download malicious software. The new scheme bypasses Steam Guard and leads account holders to upload Steam Guard SSFN file to a fake login page.
Based on the details from Malwarebytes, phishers have managed to evade Steam Guard implementation on Steam gaming accounts which asks users to dig out relevant Steam Guard SSFN file from their folders then have them upload manually through a fake login page.
Once the phishers are able to retrieve the sensitive information, they can now use the collected usernames and passwords to ultimately bypass the protection and make use of the accounts for themselves.
Schemers commonly trick users by simply sending a private message telling that "my friend" wants to trade but unable to add due to Steam error claim. Included on the private message is the fake Steam Web page pretending as a community site containing interesting in-game items for trading.
Steam phishing season pic.twitter.com/KJBTFKdAdo
— Mohab Ali (@0xAli) June 20, 2014
And the phishing saga continues http://t.co/EMqFUafab1 pic.twitter.com/Av9nTwAFMg — Mohab Ali (@0xAli) June 21, 2014
— Mohab Ali (@0xAli) June 25, 2014
A fake profile will also be visible with non-existent rare items to entice users on accepting trade-in items. Once convinced, tricked users are sent over a fake login page similar to the standard login page.
Using an old scamming scheme, users will see a fake Steam Guard box that asks to navigate the Steam folder. After that, it will request to upload the SSFN file manually to the phishing page.
Malwarebytes caught the odd part with the file based on the notification text appearing on the fake Steam Guard executable file.
"Hello! We see you're logging into Steam from a new browser or new computer.
As an added account security measure you'll need to grant access to this browser by running the special tool (SteamGuard) we just sent to your computer.
To complete login you should click to open tool, then authentication is automatically completed. We worry about your security and every time improve protection."
Running the file is a wrong move regardless of its claim as a Steam Guard security feature and will compromise any secured gaming accounts on Steam. Unsuspecting account holders should know what will happen next after executing the file:
1. It contacts a ".ru domain" to begin phising.
2. After the contact, it will start to locate the Steam folder on the machine.
3. Detects the SSFN file.
4. Uploads the files to the phishing Web site.
5. Allow phishers to use stolen username and password without any hassle.
If any users utilize the Malwarebytes Anti-Malware software, the file will be detected as a Spyware.Steam. There is no accurate details yet regarding the domain or how it penetrates and able to fake out a Steam Guard file but it appears to be a form of Steam spamming tool.
Valve's Steam gaming account holders should alert friends regarding this invasion to prevent sensitive data from being stolen.
To contact the editor, e-mail:
Most Popular Slideshows
- In Photos, Typhoon Rammasun Blasts the Philippines
- Ellen DeGeneres Caught Cheating with Mutual Friend Before Portia de Rossi’s Rehab – Reports [PHOTOS]
- Malaysia Airlines MH17: Vital Black Boxes Finally Land in Hands of Malaysian Authorities, Rebels Announce Ceasefire (PHOTOS/VIDEOS)
- Prince George Birthday: Adorable New Pictures of George Touching a Butterfly on William's Hand Released [SEE PHOTOS]
Join the Conversation
- Android 4.4.4 KitKat Update for Moto X Reported With Poor Battery Life; Six Ways to Resolve the Issue
- Destiny Beta Now into Maintenance; Xbox One Version Prepped for 1080p in Final Run
- Samsung Galaxy S5: Logitech Unveils Protection+ Case Accessory for Android Smartphone
- PS4 News: Developments for Uncharted 4, The Last of Us Remastered and a Possible New PS4/PS Vita Game
- Sony Xperia Z Android 4.4.2 KitKat Problems and Solutions: Battery Drain, Slow Performance, Overheating, Sound Bug and SD Card
- Motorola Moto G Vs. Xiaomi Mi3 – Low in Price, High -level Features
- Google Nexus 8 Release Date Soon Along with 2 More HTC Android Tablets – Reports
- Sony PlayStation 4 Outsells a Resurgent Xbox One in June
- Killer Xiaomi Mi4 at $369 Likely to Come With 5.0-Inch Display, Snapdragon 801 Processor, 3GB RAM and More
- NVIDIA Shield Gaming Tablet with Tegra K1 SoC Reported to be Released on July 29
- Windows Phone 8.1 Update Rollout: 20 Nokia Lumia Phones Eligible and 13 New Features to be Added
- Moto 360 Price Speculations, Key Features, Strategic Release Date, Design: A Watch That is More Than Just Time