If you use the video game streaming site Twitch, you’ll want to be careful what you click on. A new piece of malware spread through Twitch’s chat feature will attempt to bleed your Steam account dry, according to security software maker F-Secure.
The malware spreads through messages posted to Twitch chat that try to entice users into entering a weekly raffle. Click on the link, and a Java program will open up a phony raffle entry form. Once you fill out and submit the form (which, according to F-Secure, doesn’t actually get sent anywhere), the malware goes to work. It installs and runs a Windows binary that can gain access to your Steam account and add friends, accept friend requests, trade items, and sell items in the market at a discount.
F-Secure has uncovered an unusual kind of malware that’s spreading through Twitch’s chat feature, which they’re calling “Eskimo.” The virus starts with a simple phishing scheme, claiming the target has won a phony raffle and offering a bad link to confirm. If users click the link, they’ll be infected with the malware, which logs into the gaming platform Steam and takes control of the target’s account. From there, the program empties the target’s wallet and sells off any valuable items he may have bought or acquired through the service. Users are also reporting that more valuable items were being traded to an account called “Youni,” the owner of which has yet to be tracked down.
Twitch is an immensely popular destination for live-streaming video games, which makes it the perfect platform for such an attack. What’s less clear is why Steam is being targeted. Some players may be keeping a lot of cash in their Steam wallets, but compared to a credit card or a checking account, it seems like a less than lucrative target. It’s also surprisingly well secured. Steam’s basic user settings mean the “Youni” account should be linked to a specific computer, which should make it trivial to trace back to whoever’s behind the attack.
In the meantime, the message is simple enough: beware of strangers bearing links, on Twitch and otherwise.