Accepted Report: 76561198104085970 - ([CSGO] Counter-Strike: Global Offensive Items)

Discussion in 'Archived Reports' started by CoreHub, Jun 28, 2016.

Thread Status:
Not open for further replies.
  1. CoreHub

    CoreHub New User

    Messages:
    3
    Steam:
    STEAM_0:1:119131532
    Scam Report

    Report Type: [Other] Any other fraudulent behavior
    Virtual item type involved: [CSGO] Counter-Strike: Global Offensive Items

    Accused profile: 76561198104085970

    Victim profile: 76561198198528793

    What happened? Description:
    Attempted Counter-Strike: Global Offensive item scam through a browser extension that manipulates the trades you do over OPSkins

    Provide Evidence:
    This is my first time reporting somebody and since this is a very special case it might be hard to prove, so please bear with me.

    This guy added me a few days ago. Nothing happened. Today he asked me if I can sell him my Gut Knife Doppler which I responded with yes to, but asked him how he would want to give the money to me. He said that we would do it over OPSkins, which I agreed on because it is a safe site. After a while he asked me if I could prove that the skin was not stolen and I replied with a screenshot that showed the trade where I got it from (Which was coincidentally also a trade from OPSkins) but he said that he couldn't trust that as far as I can understand (He doesn't seem to be a native speaker).

    He then sent me a link to a Chrome extension which allegedly shows if an item has been stolen. I downloaded the extension manually as a .zip to analyse what it does since I am a developer myself. Basically what I found is that this extension replaces the whole trade process you do over OPSkins and communicates with another server to also fake the bots. I confronted him with the fact that it is a scam and he tried to convince me that the extension is "officially" from OPSkins. (Which it is not, otherwise they would integrate it directly into their website + anyone can name themselves however they want on the Chrome Webstore). I don't know if that is enough evidence for you guys and understand if it is not, but I at least want to raise awareness to the whole extension scams that have been popping up with, but not limited to, trading like shown in this Reddit thread also done by me.

    Chatlog #1:

    [IMG]

    Chatlog #2:

    [IMG]

    Profile:

    [IMG]

    Attached Files:

  2. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,868
    SteamRep Admin:
    STEAM_0:1:34690691
    Can you give me more information in regards to that extension? Are you able to report something like that to Google?
  3. CoreHub

    CoreHub New User

    Messages:
    3
    Steam:
    STEAM_0:1:119131532
    Basically what it does is replacing the whole trade process with one of their own. Here is the part where they replace the trade with their own bots in particular (Which is also a proof because stuff like this shouldn't be in an item check extension anyway):

    [IMG]

    As far as I can tell this whole thing runs over a command and control server under the URL of "https://csgotmhelper.pro:8080/" using the WebSocket protocol and key authentication which is why you can't access it with regular HTTP/S in your browser. I have zipped the source of the extension for you in case someone wants to take a look. The interesting files are called main.js and script.js. And yes, you can report the extension under this URL, which I already did.

    Attached Files:
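
Added example, not part of the original post and not the extension's own code: a Node.js static triage of an unpacked extension along the lines described above, flagging content scripts injected into trading sites and WebSocket endpoints on hosts the extension does not inject into. The sample manifest, file contents, the `c2.example` host and the `TRADE_HOSTS` watchlist are constructed assumptions.

```javascript
// Added example: static triage of an unpacked Chrome extension.
// SAMPLE_* values are constructed for illustration, not taken from the real extension.
const TRADE_HOSTS = ["opskins.com", "steamcommunity.com"]; // assumed watchlist
const SAMPLE_MANIFEST = {
  name: "Item Checker (constructed sample)",
  content_scripts: [{ matches: ["*://*.opskins.com/*"], js: ["main.js", "script.js"] }],
};
const SAMPLE_FILES = {
  "main.js": 'const ws = new WebSocket("wss://c2.example:8080/");\nws.onmessage = handle;',
  "script.js": 'document.querySelector("#trade").innerHTML = offerHtml;',
};

// Host part of a match pattern: "*://*.opskins.com/*" -> "opskins.com", "*://*/*" -> "*"
function patternHost(pattern) {
  const m = /^[^:]+:\/\/([^/]+)/.exec(pattern);
  return m ? m[1].replace(/^\*\./, "") : null;
}

function isSameSite(host, site) {
  return host === site || host.endsWith("." + site);
}

function auditExtension(manifest, files) {
  const findings = [];
  const injected = new Set(); // hosts the extension runs content scripts on
  for (const cs of manifest.content_scripts || []) {
    for (const p of cs.matches || []) {
      const host = p === "<all_urls>" ? "*" : patternHost(p);
      if (host === null) continue;
      injected.add(host);
      if (host === "*" || TRADE_HOSTS.some((t) => isSameSite(host, t))) {
        findings.push({ type: "injects-into-trade-site", host, scripts: cs.js || [] });
      }
    }
  }
  const wsUrl = /\bwss?:\/\/[^\s"'`)]+/g; // hard-coded WebSocket endpoints in source
  for (const [file, src] of Object.entries(files)) {
    for (const raw of src.match(wsUrl) || []) {
      let url;
      try { url = new URL(raw); } catch { continue; }
      const firstParty = [...injected].some((h) => h !== "*" && isSameSite(url.hostname, h));
      if (!firstParty) {
        findings.push({ type: "third-party-websocket", file, host: url.hostname, port: url.port });
      }
    }
  }
  return findings;
}
```

Calling `auditExtension(SAMPLE_MANIFEST, SAMPLE_FILES)` returns both finding types for the constructed sample; either one alone is only a lead, and the combination is what warrants reading the scripts by hand.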

  4. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,868
    SteamRep Admin:
    STEAM_0:1:34690691
    Thanks, I'll take a closer look at everything on this end when I get a moment.
  5. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,868
    SteamRep Admin:
    STEAM_0:1:34690691
    Moving this to review
  6. CoreHub

    CoreHub New User

    Messages:
    3
    Steam:
    STEAM_0:1:119131532
    The extension has been removed from the Chrome Webstore, which is awesome. I still think though that this is a very broad scheme and we just touched the surface of the whole thing. I mean you can scale this to extreme measures if you look at it from the perspective of the scam "business". And the Chrome Webstore itself isn't really secure in any way IMO because you can just re-submit the whole thing under a new name. Thanks for the Announcement - I hope it saves some people. And sorry for the late reply. Was away from home / Steam due to work-related stuff.
  7. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,868
    SteamRep Admin:
    STEAM_0:1:34690691
    Your report was accepted and the accused was banned. Feel free to report a violation via their Steam profile.

    In order to do that, you have to:
    1. Visit the accused's profile
    2. Click MORE drop-down located at the top right of the page
    3. Choose REPORT VIOLATION
    4. Select the violation, then describe it and provide the evidence
    5. Click SUBMIT REPORT

    Click here to view an animated gif that shows how to report a violation.