{"id":15624,"date":"2019-06-25T20:47:24","date_gmt":"2019-06-26T04:47:24","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/06\/25\/news-9373\/"},"modified":"2019-06-25T20:47:24","modified_gmt":"2019-06-26T04:47:24","slug":"news-9373","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/06\/25\/news-9373\/","title":{"rendered":"Fresh \u201cvideo games\u201d site welcomes new users with Steam phish"},"content":{"rendered":"

Credit to Author: Jovi Umawing| Date: Fri, 21 Jun 2019 16:51:22 +0000<\/strong><\/p>\n

Over the weekend, I received this unsolicited message from an acquaintance on Steam:<\/p>\n

\n
\"\"<\/figure>\n<\/div>\n
\n

1 free game for new users!
Take the game you want https:\/\/t.co\/{redacted} <\/p>\n<\/blockquote>\n

Fortunately, other friends on Steam were quick to publicly warn others about potentially hacked accounts spamming dubious messages to anyone (if not all) in their network. I was reading these warnings hours before receiving a sample of the spam message to my own account.<\/p>\n

A shallow online search reveals that this campaign has been going on since mid-March of this year. Because it\u2019s quite low-profile, not a lot were able to dig deeper into it. We\u2019ll attempt to do that here.<\/p>\n

Latest Steam phishing campaign: a walk-through<\/strong><\/h3>\n

Steam users were right to point out that this shortened URL indeed redirects to a phishing domain\u2014but not at once.<\/p>\n

Clicking the t.co<\/em> link, which is a Twitter shortened URL, in the chat takes users to the site behind it: steamredirect[dot]fun<\/em>. This is the re-director domain that takes users to the \u201cproper\u201d phishing page, which pretends to be a site where one can win free games.<\/p>\n

\n
\"\"
Screenshot of the site called Gift4Keys, just one of the many identical websites out there that the shortened URL points users to.<\/figcaption><\/figure>\n<\/div>\n

In the middle of the site is the \u201cTry your luck\u201d section, a roulette game where users can get their (supposed) free game. All they have to do is press the blue Play button.<\/p>\n

\n
\"\"<\/figure>\n<\/div>\n
\n
\"\"
Whoo! I won PUBG!<\/em>
<\/figcaption><\/figure>\n<\/div>\n

The page then shows to the user that they have less than 30 minutes to claim the complete key by logging into their Steam account via the website. At the same time, the page also shows that the user would need to wait for 24 hours before they can roll the roulette again and get another free game.<\/p>\n

Clicking the Login via Steam button here\u2014or at the upper right-hand corner of the site\u2014opens a page that looks like the bog-standard unaffiliated third-party Steam login page. This is either as a pop-up window or a new tab. The site did both during several tests.<\/p>\n

\n
\"\"
The fake Steam login<\/figcaption><\/figure>\n<\/div>\n

Here are a few reasons why, at this point, Steam users should start considering bailing from this site all together and not hand over their credentials:<\/p>\n