Steam Account Security Breaching Bypass

iDeJayDzn

So can someone explain this to me.

 

Someone added me on Steam, me thinking it was someone in my game, and invited me to a game of CS:GO but was speaking to me via Steam message at the same time and responding as a human normally would. However, once I joined the lobby, they also invited another person. The original person then asked if we wanted to join a TeamSpeak server, so we both said sure. I had no idea who the other person was, but I'm guessing they got the same issue as me, as I checked the account which the items got traded to (no longer there) and other items were in there about an hour after mine got stolen.

 

Anyways back to my part.

 

So I got a prompt from TS when trying to connect to the lobby. It told me that a plugin was out of date and I had to update it. (This was TeamSpeak.) So naturally, I thought nothing of it, and because I barely use it I didn't think much of it. However, it then downloaded something which was like 106kb and CS:GO crashed. Steam rebooted. However, I noticed that Steam had a different thumbnail, so I quickly force closed Steam as the malware was attached to Steam. I scanned it all twice with AVG and nothing. No malware, no virus, no nothing. So I rebooted Steam to see if it was still there. (Only the account name was in, nothing else; I didn't type anything.) So I force closed it again. So I uninstalled Steam and then went to re-download it. While I was downloading Steam I received an email with a trade confirmation. I clicked decline (right side, it was in Russian) but Steam then told me there was an error.

 

Once Steam was reinstalled (no suspicious apps running in the background, nor was the thumbnail that was there before present), I first signed in on Chrome (just to double check the Steam app was safe). My CS:GO items were already gone. So I signed into the app on my PC to double check and they were gone there too.

 

So my main question is: HOW IN THE FUCK does TeamSpeak allow for viruses to be passed that way through their application? Also, how in the fuck does Steam Safeguard allow a bypass to an account when they don't even know my details, considering I didn't even have my email address open or confirm the trade? Like, how is that even possible for a program or code to allow a user to automatically manage to grab an account without knowing any details, then bypass Steam's main security feature?

 

The link clicking I understand, as it's a keylogger. However, I didn't type anything in during the time Steam.exe was infected and uninstalled it as soon as I noticed, and plus Steam usually requests a new code for a new IP/location or device, which it did not. Like, I'm totally baffled as to how in the fuck Steam or TeamSpeak could allow flaws like this to happen. Like, what in the fuck.

                                                      Professional Graphics Designer | Case: NZXT Phantom Orange and Black | Motherboard: MSI SLI PLUS X99S

                                                                                                        CPU: Intel i7 5820K | Graphics Card: Zotac nVidia 1080 AMP!

                                   RAM: Corsair Vengeance 16GB DDR4 2400Mhz | Storage: Samsung 850 PRO 256GB, Western Digital Black 3TB & Western Digital Red 3TB | 

                                                        Monitors: Acer Predator XB271HU 27", Acer Predator XB270HAbprz 27" and BenQ GL240 24" | PSU: Corsair AX860i |


-.- And that's why I use Mumble, not some crappy TS.

PS: This has happened to many users and friends I know; one of 'em lost his karambit UV MW.

Spoiler

Samsung Tab S 8.4

 


-.- And that's why I use Mumble, not some crappy TS.

PS: This has happened to many users and friends I know.

I tend to use Skype (I know, but it's usually with people I know). I only tend to use TS for people I meet on CS or other games that don't use Skype.

EDIT - Plus I've always tended to be very vigilant about what I click. With it being a TS message pop-up though, I thought nothing of it.


What did Steam say to you?

 

You are joking. I created a ticket 4 days ago and I've had nothing back. I'm still waiting for a reply from them.


Typical scam on Steam. That TeamSpeak bullshittery is always a scam; sometimes they try to get you to download a new TeamSpeak-like program. I'm sorry to hear that you got scammed. You must learn the hard way sometimes to be suspicious of scams :(

Spoiler

CPU: i7-5820k @ 4.4GHz Motherboard: Asus X99 Strix  Graphics Card: Gigabyte 980Ti G1 Gaming Memory: Kingston HyperX Fury 24GB (3x 8GB) Hard Drive: 1TB WD Green SSD: Samsung 950 Pro 250GB CPU Cooling: Corsair H100i Power Supply: EVGA G2 850W Case: Corsair 400c Mouse: Logitech G502 Keyboard: Asus Strix (mx reds)  Monitor: BenQ XL2730Z 1440p@144hz OS: Windows 10 Professional 64-Bit Laptops: Lenovo Y50-70: i7-4720HQ - 16GB RAM - 256GB SSD - GTX 960m 4GB - MacBook Pro (Early 2016) 2,0GHz i5 - 8GB Ram - 256GB SSD Phone: iPhone 7+

 


You are joking. I created a ticket 4 days ago and I've had nothing back. I'm still waiting for a reply from them.

I've never had any issues with Steam, mostly because I don't spend my money on useless skins for games. But I wouldn't know how long it takes for Steam to respond to a claim. I hope you get your money back, mate, and learn a bit from the experience.


Typical scam on Steam. That TeamSpeak bullshittery is always a scam; sometimes they try to get you to download a new TeamSpeak-like program. I'm sorry to hear that you got scammed. You must learn the hard way sometimes to be suspicious of scams :(

After it happened I looked around and apparently it started in Dota2 or something? Now CS people are getting around to it and using it to get skins. Although it's a pain in the arse for the other person to get them back because of Steam's shite customer support. Just gotta wait, I suppose. I'm just pissed off because I had loads of expensive skins and also I have no idea how it could even happen. Like, it'll baffle me till someone can explain what exactly happened for them to manage to get hold of them.


I've never had any issues with Steam, mostly because I don't spend my money on useless skins for games. But I wouldn't know how long it takes for Steam to respond to a claim. I hope you get your money back, mate, and learn a bit from the experience.

Like I said up above, I'm usually vigilant. That's just something I'm new to. I didn't think TS itself would be that open to malware and hacks. Ah well. At least I know not to trust any plugin updates again.


You probably got the MOTD message made to look like a plugin update message, combined with a bogus link to a webpage to download the malware. MOTD messages can use the [url=] tag to do link insertions to text, this is nothing new.

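The link trick described in the reply above (a server message using [url=] tags to put update wording on top of a download link), as an added example that is not part of the thread: a Python check that reviews a server message for deceptive links. The trusted host list, lure words, file extensions and the three sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Matches the [url=target]label[/url] form mentioned in the reply above.
URL_TAG = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.I | re.S)
# Something in the visible label that looks like a host name.
HOSTLIKE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Policy values are assumptions for this example; tune them locally.
TRUSTED_HOSTS = ("teamspeak.com",)
LURE_WORDS = ("update", "out of date", "plugin")
RISKY_EXTENSIONS = (".exe", ".scr", ".bat", ".msi", ".zip")

# Constructed sample messages (not captured from a real server).
MOTD_FAKE = ("Your plugin is out of date. "
             "[url=http://files.example.net/ts_update.exe]Click here to update[/url]")
MOTD_MISMATCH = ("Rules: [url=http://downloads.example.org/setup]"
                 "www.teamspeak.com/downloads[/url]")
MOTD_OK = ("Welcome! Client downloads: "
           "[url=https://www.teamspeak.com/downloads]www.teamspeak.com/downloads[/url]")


def _parse(url):
    """Parse a link target, tolerating quotes and a missing scheme."""
    url = url.strip().strip("\"'")
    return urlparse(url if "://" in url else "//" + url)


def _is_trusted(host, trusted):
    return any(host == t or host.endswith("." + t) for t in trusted)


def visible_text(message):
    """What the user actually reads: each tag replaced by its label."""
    return URL_TAG.sub(lambda m: m.group(2), message)


def review_message(message, trusted=TRUSTED_HOSTS):
    """Return one finding per suspicious link in a server message."""
    lure = any(w in visible_text(message).lower() for w in LURE_WORDS)
    findings = []
    for target, label in URL_TAG.findall(message):
        try:
            parsed = _parse(target)
        except ValueError:  # malformed target, e.g. broken brackets
            findings.append({"target": target, "label": label,
                             "reasons": ["unparseable-target"]})
            continue
        host = (parsed.hostname or "").lower()
        reasons = []
        shown = HOSTLIKE.search(label)
        # 1. The label displays one host, the link goes to another.
        if shown and shown.group(1).lower() != host:
            reasons.append("label-host-mismatch")
        # 2. Update/plugin wording, but the link leaves the trusted hosts.
        if lure and not _is_trusted(host, trusted):
            reasons.append("update-lure-offsite")
        # 3. The link points straight at a file a user could run.
        if parsed.path.lower().endswith(RISKY_EXTENSIONS):
            reasons.append("direct-download")
        if reasons:
            findings.append({"target": target, "label": label,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for name, msg in [("fake update", MOTD_FAKE),
                      ("mismatch", MOTD_MISMATCH), ("ok", MOTD_OK)]:
        print(name, review_message(msg))
```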

You are joking. I created a ticket 4 days ago and I've had nothing back. I'm still waiting for a reply from them.

Good luck. I was on their waiting list for hacked accounts for 2 months, and when I got contact it was a BS answer and I had to create a new one.

Rigs I've Built

The Striker i5 4590 @ 3.7 ||  MSI GTX 980 Armor X2 || Corsair RMX 750 || Team Elite Plus 8 GB || Define S || MSI Z97S SLI Krait

The Office PC i3 4160 @ 3.6 || Intel 4600 || EVGA 500B || G.Skill 8 GB || Cooler Master N200 || ASRock H97M Pro4

The Friend PC G3258 @ 4.3 || Sapphire R9 280X Tri-X || EVGA 600B || 8 GB Dell Ram || Cooler Master N200 || ASRock H97M- iTX/ac

The Mom Gaming PC A10-7890K @ 4.4 || iGPU + ASUS R7 250 ||  8 GB Klevv DDR3-2800 Mhz

 

 


js

Sometimes TS has you download things, they even ask you if they want you to download it.

You gotta be pretty stupid IF you go on and download it.

Not saying that you did, but no one I ever know has managed to do this, and I know people.


Good luck. I was on their waiting list for hacked accounts for 2 months, and when I got contact it was a BS answer and I had to create a new one.

That's the thing. My account's fine. All that was touched was my CS:GO skins. Like, they just cleaned that tab. There's nothing else been touched. No attempt on transactions, no attempt to sell anything, no attempt to get the account changed/VAC'd or nothing. They just seemed to bypass every safety protocol and get all my skins. Which I don't understand.

 

You probably got the MOTD message made to look like a plugin update message, combined with a bogus link to a webpage to download the malware. MOTD messages can use the [url=] tag to do link insertions to text, this is nothing new.

 

TS was already open. Wait, you mean the server's welcome message? Idk. TS didn't say I was kicked or removed from a server, I just got that I couldn't join because of an invalid plugin.


js

Sometimes TS has you download things, they even ask you if they want you to download it.

You gotta be pretty stupid IF you go on and download it.

Not saying that you did, but no one I ever know has managed to do this, and I know people.

 

I barely use it, so it's my first instance with anything like this. I never liked TS as it was. I just had it running in the background in case I ever needed it because a couple of my friends use it from time to time. I understand kind of how it'd work, but usually with programs there's plugins in certain things and I just thought it was that. I wasn't aware of TS being so infected. Now I do however, so meh. I'll be fine once I get my items back.


That happened exactly the same to my brother. Him not being knowledgeable clicked a link without checking it. Almost lost an expensive knife. I spent an entire day trying to fix his PC. Lucky I had his account on my PC, so I managed to trade all his items to me. But there were attempts to hack his account.

 

I honestly want to know how this works as well. 

Ryze of the Phoenix: 
CPU:      AMD Ryzen 5 3600 @ 4.15GHz
Ram:      64GB Corsair Vengeance LPX DDR4 @ 3200Mhz (Samsung B-Die & Nanya Technology)
GPU:      MSI RTX 3060 12GB Aero ITX
Storage: Crucial P3 1TB NVMe Gen 4 SSD, 1TB Crucial MX500, Spinning Rust (7TB Internal, 16TB External - All in-use),
PSU:      Cooler Master MWE Gold 750w V2 PSU (Thanks LTT PSU Tier List)
Cooler:   BeQuite! Prue Rock 2 Black Edition
Case:     ThermalTake Versa J22 TG

Passmark 10 Score: 6096.4         CPU-z Score: 4189 MT         Unigine Valley (DX11 @1080p Ultra): 5145         CryEngine Neon Noir (1080p Ultra): 9579

Audio Setup:                  Scarlett 2i2, AudioTechnica AT2020 XLR, Mackie CR3 Monitors, Sennheiser HD559 headphones, HyperX Cloud II Headset, KZ ES4 IEM (Cyan)

Laptop:                            MacBook Pro 2017 (Intel i5 7360U, 8GB DDR3, 128GB SSD, 2x Thunderbolt 3 Ports - No Touch Bar) Catalina & Boot Camp Win10 Pro

Primary Phone:               Xiaomi Mi 11T Pro 5G 256GB (Snapdragon 888)


That happened exactly the same to my brother. Him not being knowledgeable clicked a link without checking it. Almost lost an expensive knife. I spent an entire day trying to fix his PC. Lucky I had his account on my PC, so I managed to trade all his items to me. But there were attempts to hack his account.

 

I honestly want to know how this works as well. 

 

I mean, it was within TS acting as a plugin update so I thought nothing of it. He was lucky to have nothing else stolen. Uninstalling Steam fixed mine because it leeches to Steam's internal files, but virus scanners don't pick it up, so I'm guessing it leeches to a reg key or something.


I mean, it was within TS acting as a plugin update so I thought nothing of it. He was lucky to have nothing else stolen. Uninstalling Steam fixed mine because it leeches to Steam's internal files, but virus scanners don't pick it up, so I'm guessing it leeches to a reg key or something.

The one that had my brother was a separate file. It had nothing to do with TS. The reason I call him an idiot is because it was a direct link to a file site they were using (I think it was Dropbox). You don't click those types of links. But yeah, he's pretty lucky that I had his account on my PC. But it sucks that they got your skins. Those can be pretty rare and expensive.

Here's what my brother almost had stolen from him

zjhJBUf.png


The one that had my brother was a separate file. It had nothing to do with TS. The reason I call him an idiot is because it was a direct link to a file site they were using (I think it was Dropbox). You don't click those types of links. But yeah, he's pretty lucky that I had his account on my PC. But it sucks that they got your skins. Those can be pretty rare and expensive.

Here's what my brother almost had stolen from him

zjhJBUf.png

 

This Russian dick took all this... so quite a lot :)))))

http://prntscr.com/8hhga3

I'm just hoping Steam gives me them back. No way I'm buying any more if they don't.


I barely use it, so it's my first instance with anything like this. I never liked TS as it was. I just had it running in the background in case I ever needed it because a couple of my friends use it from time to time. I understand kind of how it'd work, but usually with programs there's plugins in certain things and I just thought it was that. I wasn't aware of TS being so infected. Now I do however, so meh. I'll be fine once I get my items back.

TS is 100% safe. Someone got you to download something to join the server. You probably didn't think anything of it and didn't know :U

Teamspeak itself is not infected though...


This Russian dick took all this... so quite a lot :)))))

http://prntscr.com/8hhga3

I'm just hoping Steam gives me them back. No way I'm buying any more if they don't.

Damn, while my brother would have been pissed, he had it lucky compared to that.

As for Steam refunding the items, I think there was a policy if they can detect the theft they would restore the inventory to a certain point before the theft.

But I think this has since been retracted. Hope you can get your items back.


Damn, while my brother would have been pissed, he had it lucky compared to that.

As for Steam refunding the items, I think there was a policy if they can detect the theft they would restore the inventory to a certain point before the theft.

But I think this has since been retracted. Hope you can get your items back.

 

It's still on their forums saying that they refund the items on a case-by-case basis, one time only per account. They only invalidate your ticket/problem if it was a trade that you initiated. Which I didn't. Mainly because I'm not fucking Russian.


Steam should strictly implement a proper 2 factor auth. Go through the same method in which Facebook, Google, LastPass, and others do.

Be able to integrate it with an auth app such as Google's Auth, or Authy through your phone. That way, if you log in from a suspicious place, or a new location, you need to type in the code from your phone, which is automatically regenerated every few seconds.

The "steam guard" that they use is a very poor attempt at being a proprietary 2factor authentication.


Steam should strictly implement a proper 2 factor auth. Go through the same method in which Facebook, Google, LastPass, and others do.

Be able to integrate it with an auth app such as Google's Auth, or Authy through your phone. That way, if you log in from a suspicious place, or a new location, you need to type in the code from your phone, which is automatically regenerated every few seconds.

The "steam guard" that they use is a very poor attempt at being a proprietary 2factor authentication.

They have it now. Although the issue is that my phone's space can't hold Steam on the main OS so I can't use it. Plus it's either phone OR email. You can't use both.


That's the thing. My account's fine. All that was touched was my CS:GO skins. Like, they just cleaned that tab. There's nothing else been touched. No attempt on transactions, no attempt to sell anything, no attempt to get the account changed/VAC'd or nothing. They just seemed to bypass every safety protocol and get all my skins. Which I don't understand.

TS was already open. Wait, you mean the server's welcome message? Idk. TS didn't say I was kicked or removed from a server, I just got that I couldn't join because of an invalid plugin.

Oh yeah, infected plugin attacks.


They have it now. Although the issue is that my phone's space can't hold Steam on the main OS so I can't use it. Plus it's either phone OR email. You can't use both.

You aren't understanding what I am talking about.
