By Dancho Danchev
Despite the fact that the one-to-many type of malicious campaign continues dominating the threat landscape, cybercriminals are constantly looking for new ways to better tailor their campaigns to the needs, wants, and demands of potential customers. Utilizing basic marketing concepts such as localization, market segmentation, as well as personalization, today’s sophisticated cybercriminals would never choose to exclusively specialize in one-to-many or one-to-one marketing communication strategies. Instead, they will multitask in an attempt to cover as many market segments as possible.
In this post, I’ll emphasize on a targeted attacks potentially affecting Steams’ users, thanks to the commercial availability of a DIY (do it yourself) Steam ‘information harvester/mass group inviter’ tool, currently available at multiple cybercrime-friendly online communities. What’s so special about the application? How would cybercriminals potentially use it to achieve their fraudulent objectives? How much does it cost? Is the author/vendor of the application offering access to its features as a managed service?
Let’s find out.
Sample screenshot of the DIY Steam ‘information harvester/mass group inviter’ tool:
As you can see in the attached screenshot, given a working Steam Group URL, the tool will automatically process the associated user names, Steam IDs, service registration date, installed games, average play time, as well as last login time – all with a click of a button.
Once a cybercriminal has gathered this data, they can easily initiate a mass invite to a fraudulent/malicious Steam Group. The social engineering potential opportunities here are virtually limitless, as the tool can successfully harvest “installed games”, potentially allowing a cybercriminal to better describe a fraudulent Steam Group in an attempt to appear more legitamite.
Possible fraudulent scenarios:
- Harvesting of, for instance, German user details, followed by a localized invitation to a localized to German Steam Group, in an attempt to gain access to PCs belonging to German users only
- Harvesting of user data belonging to users who have installed, for instance, “Call of Duty – Modern Warfare 3” in an attempt to offer them a discount for related first person shooters, never released before “patches”, mods, or community support if they click on a malware and client-side exploits serving link, or leave their email in order to participate in a non-existent competition with a randomly selected winner
What about the price? The tool is currently available for 590 rubles ($19.26). What’s also worth emphasizing on is that, cybercriminals can still use the tool even if the don’t buy a licence for it, through the managed service offered by its author. For 80 rubles ($2.61), the author will send1,000 Steam Group invites on your behalf, and for 130 rubles ($4.24), he’ll only send those invites to Steam users who are online, in an attempt to increase the probability of a successful participant, by leveraging the momentum of the real-time invitation.
Although we’re currently not aware of any live fraudulent Steam Groups, we advise Steam users to be extra vigilant for suspicious group invitations, promising them discounts, bonus items, free games, mods, or anything that a gamer would possibly want.