Lately, gamers have been attacked by vicious Chrome extensions which seriously threaten to empty their Steam inventory.
According to the security researcher Bart Blaze, the supposedly “helpful” Chrome extensions for Counter-Strike: Global Offensive (CS:GO) are nothing but scamware. Last week, Blaze wrote:
“Instead of being able to change your CS:GO Double theme, your items from your inventory are getting stolen; instead of trading with X or Y person you trust, the items go to the scammer rather than whoever you’re trading with.”
These dangerous extensions pose as “CS:GO Double Withdraw Helper” and “Csgodouble AutoGambling Bot”, among other browser add-on names. Three of the four rogue extensions were still in the Chrome Web Store on Wednesday morning despite several reports.
El Reg warned Google through its PR team about this apparent malfeasance. The alleged scam was probably the work of a Steam user called Delta, who had once again been banned even before we fired off an email.
Nevertheless, copycat or follow-up scams are a real possibility, so caution is advised. Those hit can remove the dodgy software from their systems by simply removing the dodgy extensions from Chrome. In fact, this process is much easier than it would be if trojan software had been installed on a compromised system.
“SteamStealers are (unfortunately) nothing new. Criminals are getting craftier and better in attempting to steal items or account credentials (along with other credentials) from unsuspecting users,” Blaze stated.
“As opposed to actual malware or SteamStealers being loaded on your machine, this time it’s a browser extension, thus be wary of anything that looks too good to be true and think twice before you install anything, whether that be an extension, a ‘screensaver’ or images that look like you,” he warned.
Some other security experts said the latest scam represented an evolution in tactics by fraudsters, while playing down the likely significance of the incident.
“It’s certainly novel, but I’m not sure how many people would be affected – the gambling/lottery scene can be a bit niche and they have entire groups of websites dedicated to nothing but pages of scam reports/community reputation alerts,” said Chris Boyd, a senior malware intelligence analyst at a security software company.
Bart Blaze, the malware researcher at Panda Security, did not agree with this assessment and said that gambling and gaming on Steam are a potentially powerful lure for crooks to exploit.
“There’s a LOT of betting going on for Steam items and in particular for CS:GO – in fact, there’s quite a lot of money involved,” said Blaze. “A user may be tempted to install any of these extensions for the following reasons: they’d like to change their theme on the CS:GO double site, or they’d like to use a bot to bet rather than place all the bets themselves.”
An extension could do all the work of gambling for a user automatically, freeing their time up to either sip coffee or play games as they please.
“It’s hard to say indeed how many users are affected, especially since the extensions were also re-uploaded at some point by the malware creator,” Blaze says.