Tuesday, January 19, 2016

Chrome extension empties your Steam inventory

I recently got notified about the following topic (and post) on TeamFortress.tv:
Known scammer alt opening a gambling site

In there, you can see a Steam user named Delta (Steam profile down below) has created several 'helpful' Chrome extensions for Counter-Strike: Global Offensive (CS:GO).

A few examples:

'Read and change all your data on the websites you visit'

Other examples are:

CSGODouble Theme Changer
CS:GO Double Withdraw Helper
Csgodouble AutoGambling Bot
Improved CSGODouble

Instead of letting you change your CS:GO Double theme, the extension steals the items in your inventory; instead of trading with person X or Y you trust, the items go to the scammer rather than to whoever you're trading with.

All the addons he made can be found here. You can report them to Google as well by clicking 'Report Abuse' > 'Malware'. Note: some of them are still in the store despite several reports.

Update (20/01): all mentioned extensions are now removed from the Chrome Web Store.

76561198254328724 is the Steam ID of the scammer, who is currently on trade probation, which means they recently had a trade ban removed.

Update (20/01): 'Delta' is now trade banned (again):

You can find his Steam profile here and his SteamRep profile here. (SteamRep is "a non-profit site that partners with community administrators to improve the safety of game-related trading.")


As opposed to actual SteamStealers, this one's pretty easy to disinfect or remove, as you can simply remove the extension(s) from Chrome:

In this example:

You may read more about installing, managing and removing extensions here. If you're having problems removing one of the extensions, you can also try resetting your Chrome browser.
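To check which installed extensions hold the 'Read and change all your data on the websites you visit' permission mentioned above, you can review their manifests. The following is an added example, not code from the original post. It assumes Chrome's on-disk layout of `Extensions/<id>/<version>/manifest.json` inside the profile directory, and a list of host patterns that is my own selection of the all-sites patterns.

```python
import json
import sys
from pathlib import Path

# Host patterns that grant access to every site (assumed list), which Chrome
# reports as "Read and change all your data on the websites you visit".
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def broad_patterns(manifest):
    """Return the all-sites host patterns a manifest requests, sorted."""
    requested = set()
    # Manifest v2 mixes host patterns into "permissions";
    # manifest v3 lists them under "host_permissions".
    for key in ("permissions", "host_permissions"):
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content scripts are injected into every page matching "matches".
    for script in manifest.get("content_scripts", []):
        requested.update(m for m in script.get("matches", []) if isinstance(m, str))
    return sorted(requested & BROAD)


def audit(extensions_dir):
    """Scan <profile>/Extensions/<id>/<version>/manifest.json files."""
    findings = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
        if not isinstance(manifest, dict):
            continue
        hits = broad_patterns(manifest)
        if hits:
            ext_id, version = path.parts[-3], path.parts[-2]
            findings.append((ext_id, version, manifest.get("name", "?"), hits))
    return findings


if __name__ == "__main__":
    # Pass the profile's Extensions directory, e.g. on Linux:
    #   ~/.config/google-chrome/Default/Extensions
    if len(sys.argv) != 2:
        sys.exit("usage: audit_extensions.py <Extensions directory>")
    for ext_id, version, name, hits in audit(sys.argv[1]):
        print(f"{ext_id} {version} {name!r}: {', '.join(hits)}")
```

Many legitimate extensions request these patterns too, so treat the output as a list to review, not a verdict. Anything on it that you don't recognise or no longer use is a candidate for removal.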


Does it look suspicious? Does it sound too good to be true? Don't install it!

For more prevention tips on securing your Steam account, see my earlier post about SteamStealers here.

Steam also has a FAQ on this topic: Spyware, Malware, Adware, or Virus Interfering with Steam


SteamStealers are (unfortunately) nothing new. Criminals are getting craftier and better at stealing items or account credentials (along with other credentials) from unsuspecting users.

As opposed to actual malware or SteamStealers being loaded on your machine, this time it's a browser extension, so be wary of anything that looks too good to be true and think twice before you install anything (whether that be an extension, a 'screensaver' or images that look like you ;) ).

Follow the prevention tips above to stay safe. For any questions or feedback, don't hesitate to comment.

Sunday, January 10, 2016

Security Predictions 2016

Since everyone's doing it, here are some of my security predictions for 2016.

  • More ransomware
  • More misuse of the word 'CryptoLocker' (this ransomware died somewhere in 2014)
  • More malware
  • More misspellings of malware ('mallware', 'maleware', etc.)
  • More IoT devices (Internet of Things)
  • More ransomware or other malware for IoT devices
  • More database/company breaches
  • More spam, phishing, etc.
  • More (ATM) skimming
  • More nation-state malware
  • More governments spying on their citizens
  • More privacy concerns
  • ...

Essentially: more of the same. I also suspect 2016 will be the year in which more nation-state malware is discovered/uncovered. And of course more encrypting ransomware (aka 'cryptoware'), as it's still a successful recipe. As long as people pay the ransom, criminals will keep bringing out new & improved versions/variants.

More security predictions (and probably more explained in depth or simply better ones) can be found by performing a search with your favorite search engine.

May you have a safe, malware-free, privacy-friendly 2016!