Twitch’s user pool has been plagued by phishing from new malware that entices users to enter a phony raffle, so that it can leech funds from their Steam Wallets.
Twitch is a video game-centric website on which users broadcast live streams of gameplay to others. After Google’s failed bid, Amazon acquired the site and its approximately 50 million users, paying $970 million in cash.
The malicious bot that has been infiltrating Twitch chats may not seem out of place to regular visitors to the streaming site. Live streamers, who earn money through viewer subscriptions, often use bots in the chat area of their channels to encourage donations, attract followers and announce promotions.
After encountering the bot’s sketchy proposition, a Twitch user reported the malware to digital security firm F-Secure. The Helsinki-based security company said the malware could clean out Steam inventories, which may contain rare digital collectibles, and could rob Steam Wallets, which hold real-world funds used to buy games on Valve’s popular distribution platform.
“This malware, which we call Eskimo, is able to wipe your Steam wallet, armory, and inventory dry,” says F-Secure. “It even dumps your items for a discount in the Steam Community Market. Previous variants were selling items with a 12 percent discount, but a recent sample showed that they changed it to 35 percent discount. Perhaps to be able to sell the items faster.”
Eskimo asks users to follow a link in order to fill out a form for a raffle, which it claims offers them a chance to win digital weapons and collectibles for Counter-Strike: Global Offensive, according to F-Secure.
F-Secure says Eskimo, once it has access to a Steam account, will take screenshots, add new friends on Steam, accept friend requests, trade with new friends, buy items with Steam funds, send trade offers and accept trades.
After all of a user’s funds have been used to buy collectibles, the malware will trade all of the victim’s digital items to their new “friends.” The fence then sells the ill-gotten goods at deep discounts.
Because all of the fraudulent activity takes place locally, on the victim’s computer, F-Secure has recommended that Valve add a new security measure to Steam’s marketplace.
“It might be helpful for the users if Steam were to add another security check for those trading several items to a newly added friend and for selling items in the market with a low price based on a certain threshold,” said F-Secure. “This will lessen the damages done by this kind of threat.”
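The kind of extra check F-Secure describes could look like the following sketch, an added example that is not from the article, F-Secure or Valve. The event format, field names and all three thresholds are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass

# Assumed thresholds; the article names none.
NEW_FRIEND_WINDOW_S = 24 * 3600  # a friend counts as "newly added" for one day
BULK_TRADE_ITEMS = 3             # "several items" in a single trade
MAX_DISCOUNT = 0.10              # listing more than 10% under the reference price

@dataclass
class Event:                     # hypothetical account-activity record
    ts: int                      # seconds since epoch
    kind: str                    # "friend_add", "trade" or "listing"
    peer: str = ""               # other account (friend_add, trade)
    items: int = 0               # items given away (trade)
    price: float = 0.0           # asking price (listing)
    ref_price: float = 0.0       # recent market price of the item (listing)

def review(events):
    """Return (ts, reason) for each action that should need extra confirmation."""
    friend_since = {}            # peer -> time the friendship was created
    flagged = []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "friend_add":
            friend_since[e.peer] = e.ts
        elif e.kind == "trade":
            added = friend_since.get(e.peer)  # None: friendship predates the log
            if (added is not None and e.ts - added < NEW_FRIEND_WINDOW_S
                    and e.items >= BULK_TRADE_ITEMS):
                flagged.append((e.ts, "bulk_trade_to_new_friend"))
        elif e.kind == "listing" and e.ref_price > 0:
            discount = 1 - e.price / e.ref_price
            if discount > MAX_DISCOUNT:
                flagged.append((e.ts, f"listing_{round(discount * 100)}pct_below_reference"))
    return flagged

# Constructed sample: the 35% and 12% discounts mirror the figures F-Secure reported.
SAMPLE = [
    Event(1000, "friend_add", peer="acct_new"),
    Event(1600, "trade", peer="acct_new", items=8),
    Event(1700, "trade", peer="acct_old", items=8),  # long-standing friend
    Event(2000, "listing", price=6.50, ref_price=10.00),
    Event(2100, "listing", price=8.80, ref_price=10.00),
    Event(2200, "listing", price=9.50, ref_price=10.00),
    Event(1000 + 2 * NEW_FRIEND_WINDOW_S, "trade", peer="acct_new", items=8),
]

if __name__ == "__main__":
    for ts, reason in review(SAMPLE):
        print(ts, reason)
```

Flagged actions would be held for an out-of-band confirmation rather than blocked outright, since the malware acts from the victim’s own logged-in session.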