BleepingComputer published an article discussing a recent scam campaign targeting Steam users in order to steal their credentials.
The attackers start with an account they have hacked and message the victim user’s friends to tell them they can get a free Steam game from a site using a promo code. If the recipient of the message visits the site, they are presented with a button to randomly select a free game, which then presents a fake Steam single sign-on page to claim the reward. Logging into the fake page will cause the site to attempt to log in with the credentials to the legitimate Steam service in the background.
If 2FA is enabled on the account, the fake site proceeds to request the 2FA token in order to bypass it. Once full access to the account is obtained, the attackers quickly change the password, associated email address, and associated phone number in order to prevent you from regaining access.
With access to the account, they can continue to spread their scam to additional friends or can potentially steal items in the victim’s Steam inventory. BleepingComputer notes that Steam support can assist in recovering accounts but cannot restore stolen items.
Checks on the website steamsafe.fun indicate that it is malicious.
Indicators of Compromise