Fake Steam Skin Giveaway Site Steals Your Login Credentials


Fake Steam Skin Giveaway Site Steals Your Login Credentials (Dec 1, 2019)

The researcher “nullcookies” posted on Twitter of their discovery of a fake Steam gun skin giveaway site that steals users credentials. Steam is a video game service for PC used by third-party publishers to distribute their games and allow users to play them. Steam phishing pages have been seen being endorsed by leaving comments on legitimate Steam profiles stating that they are the “winner” of a giveaway and must go to the website “giveavvay[.]com”. Users must then enter their Steam details on this website to receive the supposed skins. The campaign includes some techniques to make the webpage appear legitimate. The page has a fake chat forum that impersonates the legitimate forum, but actually just contains hard-coded messages contained in a JavaScript script with the context of the conversation potentially relevant to the user. The threat actor(s) behind this campaign also utilize a Steam Guard Request in a further attempt to legitimize the malicious activity.

Recommendation: In situations like this and to ensure that a user is protected, you must only login directly to the legitimate website and for Steam. The authentic domain for Steam is “steampowered.com”. Sometimes using a search engine to assist in locating the domain can be useful in helping your employees avoid potentially malicious websites.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.