New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players

Description

A sophisticated phishing campaign targeting Counter-Strike 2 players has been uncovered, employing browser-in-the-browser (BitB) attacks. The campaign aims to steal Steam accounts by creating convincing fake browser pop-ups that mimic legitimate login pages. The threat actors are abusing the identity of the pro eSports team Navi and promoting their scams on platforms like YouTube. The stolen accounts are likely intended for resale on online marketplaces. The majority of the phishing sites are in English, with one Chinese site discovered. This campaign highlights the ongoing evolution of phishing techniques and the importance of vigilance when encountering login pop-ups, especially for desktop users.