better safe than sorry, run anti-virus/anti-malware scans.

There's no harm in running a scan to put your mind at rest.

But phishing sites work by capturing your login details, e.g. your Steam username, password and steamguard code that you physically enter into the site. This does not give them full access to your system or even your web browser's history.

It's unlikely that a phishing site loaded malware - they work by being as stealthy as possible, sending malware your way would alert your anti-virus in an instant.

If all you did was log in, then likely all they have is that username and password and any details that could be gained by having that username and password.
Change your password, and change it anywhere else that you used the same password (if any).

you might want to keep this stuff close by as its the process you will have to follow

if you account gets stolen and hijacked...

account recovery link

https://steamcommunity.com/sharedfiles/filedetails/?id=1126288560



hijacked account

The Steam community recommends 5 steps, done in order, to make sure that the scammer's bot is not only kicked out of your account, but also cannot get back into your account again through malware or using Backup Steam Guard Codes.

Scan for malware https://www.malwarebytes.com/ is one possible tool if you don't have one already.

Deauthorize all other devices https://store.steampowered.com/twofactor/manage (scroll down to "Concerned your credentials are saved on another device?" and click the button that says "Deauthorize all other devices." DO NOT remove your Steam Guard Mobile Authenticator).

Change your Steam account password from a clean device.

Generate new Backup Steam Guard Codes https://store.steampowered.com/twofactor/manage (scroll down to "Get Backup Steam Guard Codes" and click the button that says "Get Backup Codes").

Revoke your Steam account's Web API key https://steamcommunity.com/dev/apikey if needed (if you see a blank field after "domain name", then the scammer did not register a Steam Web API Key).

Make sure you check the API key again after finishing all the other steps in case the hijacker's bot added it again after you removed it earlier.

Best bet is scan your PC first just in case, then change all your important account password. Oh also clear your browser cookies just in case.

In case they completely hijack your account later recovering is fairly easy, my brother got his account hacked because his password is in a data dump As long as you have access to your email and your receipt from steam they will help you recover your account pronto.

Run scan and only use your steam info on steam man cmon

Format and do clean install. That's your nuclear option if you have lingering doubts.

If you were really worried, any hardware connected to your network could be compromised so bin the lot including PC's, phones, tablets, laptops, switches, modems / routers.