216.73.216.174

New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players

· Published 25/03/2025 09:02 · Modified 25/03/2025 13:20

Export JSON

Essential information

Published
25/03/2025 09:02
Modified
25/03/2025 13:20
Tags
2025-03-25 browser-in-the-browser counter-strike 2 credential-theft esports gaming phishing steam
Related entities
8 observables, 8 techniques (mitre), 1 others

Description

A sophisticated campaign targeting players has been uncovered, employing (BitB) attacks. The campaign aims to steal accounts by creating convincing fake browser pop-ups that mimic legitimate login pages. The threat actors are abusing the identity of the pro team Navi and promoting their scams on platforms like YouTube. The stolen accounts are likely intended for resale on online marketplaces. The majority of the sites are in English, with one Chinese site discovered. This campaign highlights the ongoing evolution of techniques and the importance of vigilance when encountering login pop-ups, especially for desktop users.

External references