A sophisticated new phishing campaign has emerged targeting the gaming community, specifically Counter-Strike 2 players, using an advanced technique known as Browser-in-the-Browser (BitB). This attack method creates a convincing fake browser pop-up window that tricks users into entering their Steam credentials, allowing cybercriminals to steal valuable gaming accounts and virtual items.

Silent Push researchers observed this attack in March 2025 and noted that the phishing operation appears to originate from Chinese threat actors, with some sites displaying content in Mandarin alongside English elements.

Unlike traditional phishing that simply mimics website designs, BitB creates a fake browser window within the victim’s legitimate browser. This includes spoofing browser UI elements like the address bar, security padlock icon, and window controls. When users click on what appears to be a Steam login button, they’re presented with this fake browser window displaying a convincing replica of the Steam login page. The fake browser window is actually constructed using HTML and CSS to precisely mimic browser chrome elements.

When examining the attack closely, users would notice the URL in the fake address bar cannot be selected or modified, as it’s merely part of an image or styled HTML elements.

Silent Push’s analysis revealed a dedicated IP address (77.105.161[.]50) hosting numerous phishing domains with identical HTML structure.

To protect against such attacks, gamers should verify URL authenticity by attempting to edit the address bar, check for HTTPS padlock functionality, and use Steam’s mobile app for QR code authentication rather than entering credentials directly into browser windows.
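The article's observation that the spoofed address bar is just page content (static text or an image rather than real browser chrome) gives defenders a cheap detection signal: a genuine browser never renders its own URL inside the document. The scanner below is an added example written for this article, not code from Silent Push or from the campaign; it walks an HTML string with a minimal tag tokenizer and flags URL-looking text that sits in a non-interactive element, or in an image's `alt` text, and notes when the displayed host differs from the host actually serving the page. The sample HTML, the page host `phish.example`, and the `findBitbIndicators` function name are all constructed for the demonstration.

```javascript
// Heuristic BitB indicator scanner (added example; not from the article or Silent Push).
// Idea: a real address bar lives in browser chrome, never in the DOM. URL-looking
// text rendered as static content (or painted into an image) inside the page is a
// strong hint that the page is drawing a fake browser window.

const URL_TEXT = /https?:\/\/([a-z0-9.-]+\.[a-z]{2,})(?:[/?#][^\s<"']*)?/i;
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9-]*)([^>]*)>/g;
// Elements where a URL as visible text is normal; anything else is suspect.
const URL_OK_PARENTS = new Set(["a", "input", "textarea", "script", "style", "code", "pre"]);
// Void elements are never pushed onto the open-element stack.
const VOID = new Set(["img", "input", "br", "hr", "meta", "link", "source"]);

function findBitbIndicators(html, pageHost) {
  const findings = [];
  const stack = [];          // names of currently open elements
  const wantHost = pageHost.toLowerCase();
  let last = 0;
  let m;

  // Record a finding for a URL-like string found outside an interactive element.
  const checkText = (text) => {
    const u = URL_TEXT.exec(text);
    if (!u) return;
    const parent = stack[stack.length - 1] || "#document";
    if (URL_OK_PARENTS.has(parent)) return;
    findings.push({
      kind: "static-url-text",
      url: u[0],
      parent,
      hostMismatch: u[1].toLowerCase() !== wantHost,
    });
  };

  TAG_RE.lastIndex = 0;
  while ((m = TAG_RE.exec(html)) !== null) {
    checkText(html.slice(last, m.index));   // text node before this tag
    last = TAG_RE.lastIndex;
    const closing = m[1] === "/";
    const name = m[2].toLowerCase();
    const attrs = m[3];
    if (closing) {
      const i = stack.lastIndexOf(name);
      if (i >= 0) stack.length = i;         // pop this element and anything left open inside it
    } else if (name === "img") {
      // A URL baked into an image (the article's "part of an image" case).
      const alt = /\balt\s*=\s*(["'])(.*?)\1/i.exec(attrs);
      const u = alt && URL_TEXT.exec(alt[2]);
      if (u) {
        findings.push({ kind: "url-in-image-alt", url: u[0], parent: "img",
                        hostMismatch: u[1].toLowerCase() !== wantHost });
      }
    } else if (!VOID.has(name) && !attrs.trim().endsWith("/")) {
      stack.push(name);
    }
  }
  checkText(html.slice(last));              // trailing text after the last tag
  return findings;
}

// Constructed sample modelled on the article's description: a fixed-position
// "window" with a lock glyph and a non-selectable URL, served from phish.example.
const SAMPLE_BITB_HTML = `
<div class="fake-window" style="position:fixed;top:80px;left:120px">
  <div class="chrome"><span class="lock">&#128274;</span>
    <span class="urlbar" style="user-select:none">https://steamcommunity.com/openid/login</span></div>
  <form action="#"><input name="user"><input type="password" name="pw"></form>
</div>`;

// Constructed benign page: the URL appears only as a real link.
const SAMPLE_BENIGN_HTML =
  `<p>Log in at <a href="https://example.test/login">https://example.test/login</a></p>`;

console.log(JSON.stringify(findBitbIndicators(SAMPLE_BITB_HTML, "phish.example"), null, 2));
console.log(JSON.stringify(findBitbIndicators(SAMPLE_BENIGN_HTML, "example.test")));
```

The `hostMismatch` flag encodes the article's own advice in code form: the URL a user believes they are on should be the host that actually served the document. A browser extension or a page-scanning crawler would run the same check against `location.hostname`; the tokenizer here is deliberately simple so the heuristic can be read in one sitting, and it will miss URLs split across nested inline elements or drawn purely with CSS.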
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 25 Mar 2025 08:40:08 +0000