According to a tweet by the security researcher nullcookies, one has been created false website Steam, which is supposed to offer skins through giveaways. In fact, site steals logins credentials of the victims.
The phishing site was discovered by the nullcookies researcher.
These Phishing Steam sites usually appear directly on Steam. The hackers display messages on Steam profiles that say: “Dear winner! SteamID has been chosen as the winner of the weekly giveaway. Get Karambit Doppler at giveavvay.com ”.
If the user opens the link, it will be taken to a site that informs him of his gift. The phishing site also has a fake chat screen on the left side of the page.
In order for the user to get free skins, he must login to the site using them Steam credentials of. Then you have to wait for the words to appear “SKIN RAIN” in chat. When the words appear, the site tells the user to click on the words to get one of the free skins.
In the meantime, the chat messages that appear on the site are also fake. They do not come from real visitors. Instead, hackers use one JavaScript script, which contains various phrases that are randomly selected and inserted into the conversation to make it look like a normal conversation.
If a user falls into the trap and clicks “Sign in via Steam”, will be transferred to a supposed Steam login form, which is actually false. The users can't understand scam because the page is very similar to the official Steam page. So they put their credentials and these are transferred to hackers.
In this way, hackers gain access to the victim's credentials, invade the account Steam and able to perform various malicious activities.
The good news is that the phishing site is hosted on CloudFlare and that means users will receive one notice, if they try to access the phishing site.
Users should avoid linking to the site from unknown sources. It should be linked directly from the steampowered.com domain, to be sure the credentials will not end up crooks.