clock menu more-arrow no yes mobile

Filed under:

Steam phishing scheme steps up account jacking attempts with automation

Samit Sarkar (he/him) is Polygon’s deputy managing editor. He has more than 15 years of experience covering video games, movies, television, and technology.

The latest phishing scheme on Steam is attempting trick users into downloading malicious software that bypasses Valve's Steam Guard security feature, according to Malwarebytes Unpacked.

Steam Guard is two-factor authentication for Steam accounts. Valve launched the feature in 2011 and made it mandatory for all Steam Community trades by the end of 2012. It works by placing what's known as an "SSFN file" on computers that users have authorized with their Steam accounts. Steam checks for the SSFN file the next time around, and as long as it's there, the service knows that the user has previously logged in to their account using that device.

In April, Malwarebytes Unpacked reported on a Steam Guard-based phishing scam that got users to enter their login information on a fake website and then manually upload the SSFN file from their computer. Once the phishers had a Steam user's login details and SSFN file, they could get around Steam Guard and access the person's account.

The phishers must not have been satisfied with the return on that method, because they're now using a simpler strategy that more people may fall victim to. A private message is sent to advertise item trading with an apparently well-stocked Steam account, and the message includes a link to a fake login page. Once the user enters their details, the page asks them to download and run an additional piece of software to complete the login process.

According to Malwarebytes Unpacked, the software contacts a Russia-based website, then scans the person's computer for the SSFN file and uploads it to the phishing site. Together, that information is enough to hijack the account.