Abahlaseli balinganisa i-popup yesikhangeli ukuze babambe iziqinisekiso zeakhawunti yeSteam

Uhlobo olutsha lobuqhetseba lusetyenziswa ngabaphuli-mthetho ukuba baphinde bathengise iiakhawunti zeSteam. Yiloo nto iingcali zibiza ngokuba yi-browser-in-browser attack, ebonisa ukuba isikrini sokungena sibonakala njenge-pop-up.

Ubuchwephesha obutsha bebusele bufunyenwe ekuqaleni kwalo nyaka ngumphandi onegama elingephi Mnu.d0x. Ngoku uphando olwenziwa yinkampani yokhuseleko Iqela le-IB libonisa ukuba obu buchule busetyenziselwa ukuthintela iziqinisekiso zeakhawunti yomphunga. Ngokufana nobuchule be-phishing eyaziwayo, ixhoba lithunyelwa kwiwebhusayithi yobuxoki esekwe yi-hacker. Kukwanjalo kolu hlaselo kubasebenzisi beSteam. Amaxhoba atsalwa kwiwebhusayithi ye-Counterstrike kwaye kufuneka angene ngeakhawunti yawo yeSteam.

Ngokwesiqhelo, isatifikethi se-ssl kwaye rhoqo i-url ibonisa ukuba ayisiyo ndawo isemthethweni. Ngobuchule bokukhangela kwibrowser, oku kunzima kakhulu ukukubona, kuba le ndawo yokukhohlisa isebenzisa iJavaScript ukubonisa i-pop-up yefestile yokungena, ephantse ingabonakali kwifestile yokungena yokwenene yeSteam.

Iwindow inokushukunyiswa ngokulula kwisithuba esivuliweyo. Ukongeza, i-URL ekwifestile yobuxoki ikwavela ngokusemthethweni kwaye iqhaga eliluhlaza lesatifikethi esichanekileyo se-SSL siyaboniswa. Kuphela xa ixhoba livala ifestile yokuqala kuya kucaca ukuba isikrini se-pop-up siyinxalenye yephepha langoku.

Umzuzwana ixhoba lingena ngempumelelo ngefestile yobuxoki, abaphuli-mthetho banokufikelela kwiakhawunti yeSteam. Ukuze ungothuki ixhoba, ekungeneni ngempumelelo, baya kuthunyelwa kwiphepha lokuqinisekisa lokungena kwitumente.