Browser-in-the-Browser attacks target CS2 players' Steam accounts

A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page. The attackers impersonate the Ukrainian e-sports team Navi to bait devoted fans and add legitimacy to the phishing page by using a recognizable brand. The campaign uses the Browser-in-the-Browser (BitB) phishing technique created by cybersecurity researcher mr. dox in March 2022. This phishing framework allows threat actors to create realistic-looking popup windows with custom address URLs and titles within another browser window. Basically, this phishing technique creates fake browser windows within real browser windows (Browser in the Browser) to create login pages or other realistic forms to steal users' credentials or one-time MFA passcodes (OTP). Threat actors adopted Browser-in-the-Browser attacks later that year in large-scale attacks attempting to steal Steam accounts. Facebook phishing page using the BitB ... Read full article.