Online, no-one can hear you scream. But they can come up with a tool for just about any nefarious purpose you can think of it would seem. And the latest is a harvester/mass invite tool for game client Steam.
The DIY Steam tool can be found for sale in some of the shadier quarters of the internet and could, potentially, be used for socially engineering unsuspecting gamers into a fraudulent Steam Group.
Said tool, discovered by Dancho Danchev offers up many possibilities for cybercrims to take advantage of around the fake group example. For instance -
Harvesting of, for instance, German user details, followed by a localized invitation to a localized to German Steam Group, in an attempt to gain access to PCs belonging to German users only
Harvesting of user data belonging to users who have installed, for instance, “Call of Duty – Modern Warfare 3″ in an attempt to offer them a discount for related first person shooters, never released before “patches”, mods, or community support if they click on a malware and client-side exploits serving link, or leave their email in order to participate in a non-existent competition with a randomly selected winner
You might think a tool with this potential would cost a fortune but thats far from correct – it can be purchased for as little as 590 rubles ($19.26) or, for the financially challenged criminal, there is the option to rent 1,000 Steam Group invites for a mere 80 rubles ($2.61).
Thus far, Webroot aren’t aware of any fraudulent Steam Groups currently in operation but at those prices I wouldn’t be surprised if some spring up in the near future. So be careful when you are playing those PC games online and watch out for Group invites that you may not be expecting.