“Behind the scenes, though, their Steam credentials have already been stored into the scam website.” “When Discord users key in their Steam credentials in the fake pop-up, it will show them the error message saying, ‘The account name or password that you have entered is incorrect,'” the report said. The gambit is intended to fool users into thinking they’re being taken to the Steam platform to enter in their login information - supposedly to fulfil the request to “link” the Steam account with Discord for the free Nitro subscription. Fake Pop-Up AdsĪs Malwarebytes Labs explained in the report, once a victim clicks on the button, the site appears to serve a Steam pop-up ad, but researchers explained the ad is still part of the same malicious site. The button initiates a fake pop-up window that appears to send targets off to Steam - but in fact, it keeps them on the same malicious page. There are several malicious domains associated with the spoofed page, analysts noted: The malicious link takes users to a spoofed Discord page with a button that reads, “Get Nitro.” “Just link your Steam account and enjoy,” the message says, and it includes a link purportedly to do just that.
