- #FAKE STEAM ACCOUNT GENERATOR VERIFICATION#
- #FAKE STEAM ACCOUNT GENERATOR CODE#
- #FAKE STEAM ACCOUNT GENERATOR DOWNLOAD#
Below is the obfuscated JavaScript used to detect if the console is open.įigure 7: The obfuscated JavaScript to detect a browser consoleĪfter two levels of deobfuscation, we can see the script that detects whether the browser console is open.
#FAKE STEAM ACCOUNT GENERATOR CODE#
In this way, it prevents users from looking into the code directly.
![fake steam account generator fake steam account generator](https://i.ytimg.com/vi/Kjw6CnQTRWY/sddefault.jpg)
This phishing campaign also uses some anti-analysis techniques by detecting if the console is open in the browser. If a user falls for this phishing and enters the login credentials, the credentials are sent to the attacker and the user is redirected to the legitimate site (hxxps://bitskinscom). When the victim clicks on the “Sign in through STEAM” button, the above discussed fake browser pop-up gets loaded from the below URL.įigure 6: The fake Steam login page, which is used as a pop-up on the main page Attackers have designed it precisely to make it look legitimate for example, the color of the domain is slightly darker than the URI portion, and the color of the HTTPS part changes on mouseover. But when we try to drag this prompt from the currently used window, it disappears beyond the edge of the window as it is not a legitimate browser pop-up and is created using HTML in the current window.įigure 4: The fake browser pop-up window disappears beyond the edgeįigure 5: The fake browser pop-up window created using HTMLįrom the above screenshot, you can see that the browser header, address bar, and buttons to resize the window all are designed in HTML. In this case, everything looks fine as the domain is steamcommunitycom, which is legitimate and is using HTTPS. Normally, the measures taken by a user to detect a phishing site include checking to see if the URL is legitimate, whether the website is using HTTPS, and whether there is any kind of homograph in the domain, among others. As the user clicks on the “Sign in through STEAM” button, a Steam login window pops up. To perform a custom search or add items to a cart, users are asked to sign in with their Steam credentials. The following screens show the phishing CS:GO site (top) and the actual CS:GO site (bottom). To make the phishing sites appear more legitimate, there is a fake chatbox with randomly selected phrases based on current events. The phishing site looks much like the real one. Cybercriminals will attempt to hijack a Steam account so they can launch other scams and attacks and steal or trade the victim's items. The all-time peak number of concurrent users for CS:GO was 854,801.ĭue to its popularity, the Steam platform has also become a popular target for attack. At the time of this publication, the Steam site was showing more than 700,000 users currently playing CS:GO. How popular? According to statistics on the company website, the Steam platform has between 10 and 20 million concurrent users playing on any given day. Steam is highly popular among gamers as it allows for multiplayer capabilities. Steam offers digital rights management (DRM), matchmaking servers, video streaming, and social networking services, and it provides users with installation and automatic updates of games as well as several community features.
![fake steam account generator fake steam account generator](https://pointsprizes-blog.s3-accelerate.amazonaws.com/42.jpg)
Steam has also expanded into an online web-based and mobile digital storefront. Steam is a video game digital distribution service that provides automatic updates for various games. A similar campaign was seen in December 2019 and the campaign is still up with few enhancements, such as using a fake browser pop-up window for login along with some anti-analysis techniques, which are discussed in this blog. These sites use an uncommon phishing technique that is difficult to detect. You’re going to use these every time you sign in to Steam client.Recently, the Zscaler ThreatLabZ team came across multiple fake Counter-Strike: Global Offensive (CS:GO) skin websites aimed at stealing Steam credentials.
#FAKE STEAM ACCOUNT GENERATOR VERIFICATION#
Go to your email, find the email from Steam, and click on the verification link that says Create My Account.Įnter your preferred Account name and password. Go to the bottom of the form and put a check mark on the I agree box and select CONTINUE button. It’s also important that you pick the right country to avoid complications later on. Make sure that you enter a valid email address.
![fake steam account generator fake steam account generator](https://2.bp.blogspot.com/-GPVTP1SMaAs/VxxCOsgAzWI/AAAAAAAACSQ/hTw-2ed5_YU94-pCXcTCSYRGEeWjX4HmACLcB/s1600/d9hxDkJ.png)
Once you’ve installed the client, open it.
![fake steam account generator fake steam account generator](https://i.ytimg.com/vi/OWHrzsMH7_U/hqdefault.jpg)
#FAKE STEAM ACCOUNT GENERATOR DOWNLOAD#
Make sure that you only download the client from official Steam website. Below are the exact steps that you must do. All you have to do is to download the Steam client and enter the necessary information.