Tuesday, January 19, 2016

Chrome extension empties your Steam inventory


I recently got notified about the following topic (and post) on TeamFortress.tv:
Known scammer alt opening a gambling site

In there, you can see a Steam user named Delta (Steam profile down below) has created several 'helpful' Chrome extensions for Counter-Strike: Global Offensive (CS:GO).

A few examples:


'Read and change all your data on the websites you visit'





























Other examples are:

CSGODouble Theme Changer
CS:GO Double Withdraw Helper
Csgodouble AutoGambling Bot
Improved CSGODouble

Instead of being able to change your CS:GO Double theme, your items from your inventory are getting stolen; instead of trading with X or Y person you trust, the items go to the scammer rather than whoever you're trading with:





All the addons he made can be found here. You can report them to Google as well by clicking 'Report Abuse' > 'Malware'. Note: some of them are still in the store despite several reports.

Update (20/01): all mentioned extensions are now removed from the Chrome Web Store.



76561198254328724 is the Steam ID of the scammer, who currently has a/is on trade probation; which means they recently had a trade ban removed.










Update (20/01): 'Delta' is now trade banned (again):










You can find his Steam profile here and his SteamRep profile here. (SteamRep is "a non-profit site that partners with community administrators to improve the safety of game-related trading.")





Disinfection

As opposed to actual SteamStealers, this one's pretty easy to disinfect or remove, as you can simply remove the extension(s) from Chrome:











In this example:








You may read more about installing, managing and removing extensions here. If you're having problems removing one of the extensions, you can also try resetting your Chrome browser.



Prevention


Does it look suspicious? Does it sound too good to be true? Don't install it!

For more prevention tips on securing your Steam account, see my earlier post about SteamStealers here.

Steam also has a FAQ set up in regards to: Spyware, Malware, Adware, or Virus Interfering with Steam



Conclusion

SteamStealers are (unfortunately) nothing new. Criminals are getting craftier and better in attempting to steal items or account credentials (along with other credentials) from unsuspecting users.

As opposed to actual malware or SteamStealers being loaded on your machine, this time it's a browser extension - thus be wary of anything that looks too good to be true and think twice
before you install anything (whether that be an extension, a 'screensaver' or images that look like you ;) ).

Follow the prevention tips above to stay safe. For any questions or feedback, don't hesitate to comment.


4 comments:

  1. Note that the extensions claim to add functionality to "csgodouble.com" but Chrome warns they can modify ANY website. The warnings are there!

    ReplyDelete
    Replies
    1. Yes, it should be obvious from the warning; but unfortunately many just click through.

      Delete
  2. WOW, that Delta guy has also created a TF2 gambling site some weeks ago, but his Developer closed the site because taht Delta guy had rigged the lotto pots so that he won every pot he wanted!! SUCH AN A**HOLE

    ReplyDelete
    Replies
    1. It indeed appears this Delta guy has tried scamming people using several methods. Hopefully he'll be perma trade banned by Valve now and won't come back :)

      Delete