Typosquatting is an effective means to trick users into believing they have landed on the legitimate site they wanted to visit, so it’s no wonder that it’s often used by phishers
The latest phishing campaign employing this tactic has been spotted targeting players of Counter-Strike: Global Offensive (CS:GO), a popular online tactical first-person shooter that can be played via Steam, the gaming platform developed by Valve Corporation.
The phishers have set up a convincing spoof of the CS:GO Lounge, a site where players can buy and sell in-game items as well as place bets on game matches, on csgoloungcs[dot]com (the address of the legitimate site is csgolounge.com).
Apart from trying to trick visitors into sharing their Steam login credentials, the site also pushes a file on the users (click on the screenshot to enlarge it):
The file, downloaded from a Google Drive location, is named Steam Activation.exe, but is actually a Trojan downloader, whose main purpose is to allow the download of additional malware on the victims’ system.
This is not the first time that CS:GO players are targeted with phishing versions of the CS:GO Lounge site, says Malwarebytes’ Jovi Umawing, and it will probably not be the last, so be careful when receiving messages from unknown players and think twice about clicking on links they contain.
“Ask for the interested party’s handle in the Lounge instead so you, the user, can search for him/her and check out their offers yourself,” she advises.