A new phishing technique is being used by criminals to steal and resell Steam accounts. It is what experts call a browser-in-the-browser attack, in which the login screen appears as a pop-up window.
This new technique was discovered earlier this year by a researcher who uses the pseudonym mr.d0x. Research by security company Group-IB now shows that the technique is being used to intercept Steam account credentials. As with more familiar phishing methods, the victim is sent to a fake website set up by the attacker. This is also what happens to Steam users. Victims are lured to a page for a Counterstrike tournament and must log in with their Steam account.
Normally, the SSL certificate and the URL show that a page is not the legitimate one. With the browser-in-the-browser technique this is much harder to see, because the phishing page uses JavaScript to display a login window that cannot be distinguished from the real Steam window.
The window can be moved within the open tab. In addition, the URL shown in the fake window also looks legitimate, and the green lock of a valid SSL certificate is displayed. Only when the victim closes the first window does it become clear that the pop-up window is part of the current page.
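The weakness of the fake window described above is that its address bar is ordinary page content, whereas a real pop-up's address bar belongs to the browser. The following added example (not from the original article or from Group-IB) sketches a detection heuristic over a simplified DOM-like tree of plain objects; the node shape, the function names and the `.example` hostnames are assumptions constructed for illustration.

```javascript
// Heuristic: a genuine pop-up's address bar is browser chrome, never part of the page.
// A container that shows a foreign hostname as text AND holds a password field is suspect.
// Legitimate pages can trip this (e.g. a help link next to a login form), so treat hits as leads.
const URL_TEXT = /\bhttps?:\/\/([a-z0-9.-]+\.[a-z]{2,})/i;

// Collect every hostname that appears as visible URL text under this node.
function displayedHosts(node, out = []) {
  const m = URL_TEXT.exec(node.text || "");
  if (m) out.push(m[1].toLowerCase());
  (node.children || []).forEach((c) => displayedHosts(c, out));
  return out;
}

function hasPasswordField(node) {
  if (node.tag === "input" && (node.attrs || {}).type === "password") return true;
  return (node.children || []).some(hasPasswordField);
}

// Returns the innermost containers pairing a password field with a foreign displayed host.
function findFakeWindows(node, pageHost, hits = []) {
  const before = hits.length;
  (node.children || []).forEach((c) => findFakeWindows(c, pageHost, hits));
  if (hits.length > before) return hits; // a descendant already matched: report innermost only
  const foreign = displayedHosts(node).filter((h) => h !== pageHost.toLowerCase());
  if (foreign.length && hasPasswordField(node)) {
    hits.push({ id: (node.attrs || {}).id, hosts: foreign });
  }
  return hits;
}

// Constructed sample: a tournament page that draws its own "login window" with a title bar.
const samplePage = { tag: "body", children: [
  { tag: "h1", text: "Tournament sign-up" },
  { tag: "div", attrs: { id: "login-popup" }, children: [
    { tag: "div", attrs: { class: "titlebar" }, children: [
      { tag: "span", text: "https://login.steam.example/openid" } ] },
    { tag: "input", attrs: { type: "text", name: "user" } },
    { tag: "input", attrs: { type: "password", name: "pass" } } ] } ] };

// Constructed benign page: a same-origin login form that only mentions its own URL.
const benignPage = { tag: "body", children: [
  { tag: "form", attrs: { id: "login" }, children: [
    { tag: "span", text: "You are at https://tournament.example/account" },
    { tag: "input", attrs: { type: "password", name: "pass" } } ] } ] };

console.log(findFakeWindows(samplePage, "tournament.example"));
console.log(findFakeWindows(benignPage, "tournament.example"));
```

In a browser extension or page-analysis crawler the same walk would run over the live DOM instead of plain objects.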
As soon as the victim successfully logs in through the fake window, the criminals can access the Steam account. To avoid arousing the victim's suspicion, after a successful login they are redirected to a page confirming their participation in the tournament.