Malwarebytes researchers have discovered yet another phishing scheme related to gaming. The latest is a Steam Guard phishing scam that steals users SSFN files and Steam log-in credentials, according to Malwarebytes researchers.
Previous Steam Guard scams would prompt users to upload their SSFN files to a fishing page, but this latest scam goes to great lengths to automate the process. The enticing bait for gamers is a community profile full of items ready for trading.
Once users show some interest in the scam, they are redirected to a fake log-in page, asked to enter Steam credentials, and then asked to run a Steam Guard file. That Steam Guard file is a fake and instead uploads the unsuspecting victim's SSFN file and log-in credentials to a domain in Russia. Armed with the files and the personal information, the phisher will have easy access to the victim's account.
"This is the first fake Steam Guard and SSFN file swiper I've come across so far," says Chris Boyd, malware intelligence analyst at Malwarebytes.
Malwarebytes will have a full report on this latest phishing scheme soon on its official blog.