Items for those games are also the preferred way for Account Hijackers to move money out of the target accounts.
The hijacker will use steam funds or the saved payment methods to buy Dota items worth a few cents for a much higher price from a chain of accounts to move the money.
Interestingly there is a session cookie stealing Trojan that enables Hijackers to do this even when the account has 2fa enabled. The session cookie eliminates the need for the 2fa code from the app or email for login, and steam only asks for additional codes if you want to sell an item over 1€.
I didn’t even know this was possible until someone showed this to me live on a vbox and a honey pot account with 2fa email codes enabled and like 5€ steam funds.
Items for those games are also the preferred way for Account Hijackers to move money out of the target accounts.
The hijacker will use steam funds or the saved payment methods to buy Dota items worth a few cents for a much higher price from a chain of accounts to move the money.
Interestingly there is a session cookie stealing Trojan that enables Hijackers to do this even when the account has 2fa enabled. The session cookie eliminates the need for the 2fa code from the app or email for login, and steam only asks for additional codes if you want to sell an item over 1€.
I didn’t even know this was possible until someone showed this to me live on a vbox and a honey pot account with 2fa email codes enabled and like 5€ steam funds.