Cybercriminals are deploying fake Steam login pages on phishing sites that falsely promise free skins for the popular shooter. Hackers are targeting Counter-Strike 2 players with deceptive Steam login pages designed to steal their account credentials.

According to cybersecurity firm Silent Push, the attackers spread the scam through websites posing as the esports team Navi. These fake sites display the slogan “Play like Navi” and entice visitors with a “free case” or weapon skin for the game. However, to claim the reward, users are prompted to log in to Steam, unknowingly handing over their credentials.

Figure 1.Fake Steam Login Screens.

According to the cybersecurity vendor, the fake Steam login pop-up cannot be maximized, minimized, or moved outside the browser window, even though victims can ‘interact’ with the URL bar of the fake pop-up. Figure 1 represents Fake Steam Login Screens.

“The goal of the campaign is to create a false sense of security, making visitors believe the pop-up windows are part of legitimate sites [1]. Once a potential victim attempts to log in through the fake Steam portal, the attackers steal the credentials and likely try to hijack the account for resale,” the company explains.

This technique is an example of a “browser-in-the-browser” attack, where malicious websites generate fake pop-ups that mimic login portals for trusted domains. Silent Push notes that this method is particularly effective against desktop users, as the fake pop-ups are designed to appear more convincing on larger screens.

Silent Push reports that all the fake Navi websites were in English, except for one Chinese site, which featured Mandarin text mixed with some English words. The fraudulent sites were hosted on domains such as caserevs[.]com, caseneiv[.]com, and casenaps[.]com. However, it appears the hackers did not create fake pop-ups optimized for mobile viewing.

“Our team advises users to check for fake URL bars in any login pop-ups,” Silent Push warns [2]. “If you see a URL bar, always try dragging the window outside the browser you’re using. This is the easiest way to verify whether the pop-up is legitimate.”

References

1. https://www.pcmag.com/news/hackers-target-counter-strike-2-players-with-fake-steam-login-pop-ups
2. https://local.newsbreak.com/news/3871414849693-hackers-target-counter-strike-2-players-with-fake-steam-login-pop-ups

Cite this article:

Keerthana S (2025),Hackers Deceive Counter-Strike 2 Players with Fake Steam Login Screens, AnaTechMaz,pp 134.