Steam scammer caught red-handed by Panda Security researcher. A crafty Steam user created four Chrome extensions that would empty out his victim’s Steam inventory and send all their game perks to the extension’s owner.
First signs that something was wrong were spotted by Panda Security researcher Bart Blaze on the TeamFortress.tv forums.
Mr. Blaze was able to track down the incidents to four Chrome extensions developed byDouble Script user. These are:
╸ CSGODouble Theme Changer (still active)
╸ CS:GO Double Withdraw Helper (still active)
╸ Csgodouble AutoGambling Bot (taken down by Google)
╸ Improved CSGODouble (taken down by Google)
All extensions are aimed at CS:GO (Counter Strike Global Offensive) users and are advertised as helpers for executing Steam trades and bet bots for skin betting sites.
When installed, instead of helping users with their Steam inventory transactions, these extensions will execute trades from the victim’s inventory to the scammer.
Scammer reported by community, banned by Steam
The scammer’s Steam profile is MetrixTf2, and his public display name is Delta. As you can see for yourself, the scammer has already been banned from Steam trades at this point, and his SteamRep profile also lists an advisory for anyone checking out his account.
These extensions are a change from normal tactics employed by Steam scammers, who usually rely on desktop installers to infect users with malware that executes these illegal transactions inside the Steam client itself.
While desktop Steam stealers are harder to remove, in this case, users only have to remove the Chrome extension from their browser. This is a simple step and will get rid of the infection.
Additionally, users could also do everyone a favor and report each Chrome extension to Chrome by choosing the “Report abuse -> Malware” option on each extension’s Chrome Web Store page.
The scammer’s Steam profile