Criminals are using a new type of scam to steal and resell Steam accounts. Experts call it a browser-in-browser attack, in which the login screen appears as a pop-up.
The new technique was already discovered earlier this year by a researcher named mr.d0x. Now research by the security company Group IB shows that the technique is being used to capture Steam account details. As with well-known phishing techniques, the victim is sent to a fake website set up by the attacker. That is also the case in these attacks on Steam users. Victims are lured to the website of a Counterstrike tournament, where they have to log in with their Steam account.
Normally, the SSL certificate and often also the URL show that a page is not legitimate. With the browser-in-browser technique this is harder to see, because the site uses JavaScript to display a pop-up window that is almost indistinguishable from the real Steam login window.
The window can be moved around within the open tab. In addition, the URL in the fake window also appears legitimate, and a green padlock is shown for a valid SSL certificate. Only when the victim closes the first window does it become clear that the pop-up screen is part of the current tab.
When the victim logs in through the fake window, the criminals gain access to the Steam account. So as not to alarm the victim, after a successful login they are redirected to a page confirming their registration for the tournament.
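
Because the fake window described above is drawn inside the page itself, its "address bar" is ordinary page text sitting next to a login form, which a defender can look for. The following is an added example, not code from the article, Group IB or mr.d0x: a triage heuristic over a simplified DOM snapshot, where the snapshot format, the function names and the two hosts are assumptions made for illustration.

```javascript
// Added example: flag in-page overlays that imitate a browser pop-up window.
// Input is a simplified DOM snapshot: { tag, attrs, style, text, children }.
// A real pop-up is a separate window, so its address bar never exists as text
// inside the opener page's DOM next to a login form.
const URL_LIKE = /\bhttps:\/\/([a-z0-9.-]+\.[a-z]{2,})(?:[\/?#]\S*)?/i;

function walk(node, visit) {
  visit(node);
  for (const child of node.children || []) walk(child, visit);
}

// True when the element floats above the page content like a movable window.
function isOverlay(node) {
  const pos = (node.style || {}).position;
  return pos === "fixed" || pos === "absolute";
}

function findFakeWindows(root, pageHost) {
  const findings = [];
  walk(root, (node) => {
    if (!isOverlay(node)) return;
    let shownHost = null;
    let hasLoginField = false;
    walk(node, (inner) => {
      const m = URL_LIKE.exec(inner.text || "");
      if (m && !shownHost) shownHost = m[1].toLowerCase();
      const type = (inner.attrs || {}).type;
      if (inner.tag === "input" && type === "password") hasLoginField = true;
      if (inner.tag === "iframe") hasLoginField = true; // form may sit in a frame
    });
    // Suspicious: overlay shows another site's URL together with a login form.
    if (shownHost && shownHost !== pageHost.toLowerCase() && hasLoginField) {
      findings.push({ id: (node.attrs || {}).id || null, shownHost });
    }
  });
  return findings;
}

// Constructed sample; both hosts are placeholders, not values from the article.
const samplePage = { tag: "body", children: [
  { tag: "div", attrs: { id: "login-popup" }, style: { position: "fixed" }, children: [
    { tag: "span", text: "https://login.example.org/openid" },
    { tag: "form", children: [{ tag: "input", attrs: { type: "password" } }] },
  ] },
  { tag: "div", attrs: { id: "cookie-banner" }, style: { position: "fixed" }, children: [
    { tag: "a", text: "Policy: https://tournament.example.net/privacy" },
  ] },
] };
console.log(findFakeWindows(samplePage, "tournament.example.net"));
```

Legitimate embedded login widgets can match the same pattern, so a hit is a signal for manual review rather than a verdict.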