Malicious Chrome extensions ransack Steam users’ inventory

Steam users are being targeted by a scammer that’s offering apparently helpful Chrome extensions for free, but is actually using them to steal items from victims’ Steam inventory.

In this particular “campaign” the targets are players of the popular Counter-Strike: Global Offensive (CS:GO) online first-person shooter game, and specifically those who use CSGODouble, a site where user can gamble CS:GO skins.

The malicious extensions are named CSGODouble Theme Changer, CS:GO Double Withdraw Helper, Csgodouble AutoGambling Bot, Improved CSGODouble, and so on, and some are still available for download on the Chrome Web Store.

When users install them, they allow the extensions to read and change all their data on the websites they visit.

“Instead of being able to change your CS:GO Double theme, your items from your inventory are getting stolen; instead of trading with X or Y person you trust, the items go to the scammer rather than whoever you’re trading with,” security researcher Bart Blaze explains.

He has reported the malicious add-ons to Google, but they still haven’t removed them from the store.

“SteamStealers are (unfortunately) nothing new. Criminals are getting craftier and better in attempting to steal items or account credentials (along with other credentials) from unsuspecting users,” says Blaze.

The only good news about this is that, unlike regular malware, these add-ons can be easily uninstalled by the victims: in Chrome, go to Menu > More Tools > Extensions > click on the extension and choose the Remove from Chrome option (represented by the little garbage can icon).