BleepingComputer
Aug 18, 2019 (10 tweets)
Steam Accounts Being Stolen Through Elaborate Free Game Scam - by @LawrenceAbrams
bleepingcomputer.com/news/security/…
A Steam scam is underway that begins with a user receiving a Steam message from a friend telling them about a site that they can use to get a free game.
Little does the recipient know that the account sending the message has been hacked and pulled into an elaborate scam campaign targeting Steam users.
When a user clicks the link they will be redirected through a gateway that then takes them to another working "free game" site. This site says a user can click the "Roll" link to get a random free game.
When a game is selected, the site will prompt them to log in to Steam to claim the game.
Clicking the login button will generate a fake Steam SSO login page. While it looks identical to Steam's normal SSO login pages, this is a fake page hosted on the game site.
If you enter your credentials, the server will try to log you in behind the scenes. If 2FA is enabled or Steam Guard pops up, which it will as Steam will see it as a login from a new computer, the site will prompt you to enter the code you receive.
This looks like a normal SSO sign-in process, but once the Steam Guard code is entered, the server will once again, behind the scenes, log in to the account and change the email address, password, and phone number.

They have now stolen the victim's account.
This takeover is being done from an IP address in Russia.🙀🙀🙀
Now that the account has been stolen, it has been added as another bot in this scam's campaign and will be used to further spread the site through Steam messages.

Rinse and repeat.
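
An added example, not from the thread or from BleepingComputer: because the fake login page described above looks identical to Steam's and differs only in where it is hosted, this check classifies a login page by its parsed hostname rather than its appearance. The allowlist of Steam hosts, the function names and the sample URLs (constructed, using reserved .example names) are assumptions.

```javascript
// Added example (not from the thread): classify where a "Steam login" page is served from.
// ASSUMPTION: this allowlist of Steam-operated hosts; confirm it before relying on it.
const STEAM_LOGIN_HOSTS = new Set([
  "steamcommunity.com",
  "store.steampowered.com",
  "help.steampowered.com",
  "login.steampowered.com",
]);

function classifyLoginPage(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { trusted: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { trusted: false, reason: "not HTTPS" };
  }
  // "https://steamcommunity.com@host/" puts the Steam name in userinfo, not the host.
  if (url.username || url.password) {
    return { trusted: false, reason: "userinfo in URL" };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (STEAM_LOGIN_HOSTS.has(host)) {
    return { trusted: true, reason: "exact Steam host" };
  }
  // Exact match only: a Steam name as a subdomain label or a substring proves nothing.
  const reason = host.includes("steam") ? "Steam lookalike host" : "non-Steam host";
  return { trusted: false, reason };
}

// Return the login prompts that should be blocked or reported.
function flagFakeLogins(urls) {
  return urls
    .map((u) => ({ url: u, ...classifyLoginPage(u) }))
    .filter((r) => !r.trusted);
}

// Constructed sample URLs (reserved .example names), not indicators from the campaign.
const SAMPLE_URLS = [
  "https://steamcommunity.com/openid/login",
  "https://free-game-roll.example/steam/login",
  "https://steamcommunity.com.free-game-roll.example/openid/login",
  "https://steamcommunity.com@free-game-roll.example/openid/login",
  "http://steamcommunity.com/openid/login",
];
```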


More from @BleepinComputer

Mar 29, 2023
Cybersecurity firms warn of 3CX desktop app supply chain attack - @serghei
bleepingcomputer.com/news/security/…
While CrowdStrike suspects a North Korean state-backed hacking group it tracks as Labyrinth Chollima is behind this attack, Sophos researchers said they "cannot verify this attribution with high confidence."
One of the trojanized 3CX PBX client samples pushed to 3CX customers' Windows desktops was digitally signed over three weeks ago, on March 3, 2023, with a legitimate 3CX Ltd certificate issued by DigiCert.
Feb 9, 2023
New ESXiArgs ransomware version prevents VMware ESXi recovery - @LawrenceAbrams
bleepingcomputer.com/news/security/…
A new version of ESXiArgs ransomware attacks was seen today, with changes to the encryption process that are preventing existing VMware ESXi recovery methods from working.
Previously, the ransomware would encrypt large files by alternating between 1 MB of encrypted data and a gap of unencrypted data, measured in megabytes.

This gap, called the size_step, was computed using this formula:

size_step=((($size_in_kb/1024/100)-1))
Dec 20, 2022
Ransomware gang uses new Microsoft Exchange exploit to breach servers - @serghei
bleepingcomputer.com/news/security/…
The Play ransomware operation is using a new PoC exploit for a relatively new exploit chain patched in November.

This new exploit chain appears to be using the CVE-2022-41082 (also used by ProxyNotShell) and CVE-2022-41080 vulnerabilities.
msrc.microsoft.com/update-guide/e…
Researchers from @CrowdStrike discovered the exploit chain was used to breach Microsoft Exchange servers through Outlook Web Access (OWA) when investigating recent Play Ransomware attacks.

These attacks were bypassing existing mitigations put in place for ProxyNotShell.
Nov 27, 2022
5.4 million Twitter users' stolen data leaked online — more shared privately - @LawrenceAbrams
bleepingcomputer.com/news/security/…
This data was stolen in December 2021 using a flaw in a Twitter API.

This flaw allowed users to feed email addresses and phone numbers into an API and retrieve associated Twitter IDs.

This ID was used to scrape public information associated with the number and email address.
Using this flaw, a threat actor created a JSON file containing 5,485,635 Twitter profiles that included private and public info.

The data was put up for sale for $30K, but as we learned at the time, it was sold to two people for less than that.
bleepingcomputer.com/news/security/…
Aug 10, 2022
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen - @serghei
bleepingcomputer.com/news/security/…
Last week, the threat actors sent BleepingComputer a directory listing of allegedly stolen files.

This listing consists of mostly NDAs, business agreements, data dumps, and schematics.

A redacted NDA was also shared as a "hint," or proof-of-breach, of who they attacked.
Today, the Yanluowang ransomware gang posted the same directory listing of approximately 2.75 GB of data, consisting of 3,700 files, that they claim were stolen from Cisco.
May 23, 2022
Fake Windows exploits target infosec community with Cobalt Strike - @LawrenceAbrams
bleepingcomputer.com/news/security/…
Last week, a threat actor published alleged PoC exploits for the Windows CVE-2022-24500 and CVE-2022-26809 vulnerabilities on GitHub.

These repositories are now down, but an archived GitHub page can be seen below.
News of these exploits started spreading on Twitter and hacker forums, such as XSS, but they were quickly found to be fake and to install malware.
