Avatar of Carl Durrek
Carl Durrek Carl is a gaming fanatic, forever stuck on Reddit and all-around lover of food.

New malware is spreading through Twitch and targeting Steam accounts

1 min read

If you use gaming video streaming site Twitch, you’ll want to be careful what you click on. A new piece of malware spread through Twitch’s chat feature will attempt to bleed your Steam account dry, according to security software maker F-Secure. The malware spreads through messages posted to Twitch chat that try to entice users into entering a weekly raffle. Click on the link, and a Java program will open up a phony raffle entry form. Once you fill out and submit the form (which, according to F-Secure, doesn’t actually get sent anywhere), the malware goes to work. It installs and runs a Windows binary that can gain access to your Steam account and add friends, accept friend requests, trade items, and sell items in the market at a discount.

F-Secure has uncovered an unusual kind of malware that’s spreading through Twitch’s chat feature, which they’re calling “Eskimo.” The virus starts with a simple phishing scheme, claiming the target has won a phony raffle and offering a bad link to confirm. If users click the link, they’ll be infected with the malware, which logs into the gaming platform Steam and takes control of the target’s account. From there, the program empties the target’s wallet and sells off any valuable items he may have bought or acquired through the service. Users are also reporting that more valuable items were being traded to an account called “Youni,” the owner of which has yet to be tracked down. Twitch is an immensely popular destination for live-streaming video games, which makes it the perfect platform for such an attack. What’s less clear is why Steam is being targeted. Some players may be keeping a lot of cash in their Steam wallets, but compared to a credit card or a checking account, it seems like a less than lucrative target. It’s also surprisingly well secured. Steam’s basic user settings mean the “Youni” account should be linked to a specific computer, which should make it trivial to trace back to whoever’s behind the attack. In the meantime, the message is simple enough: beware of strangers bearing links, on Twitch and otherwise.

Source
Avatar of Carl Durrek
Carl Durrek Carl is a gaming fanatic, forever stuck on Reddit and all-around lover of food.
«
»

Obama wants $19 billion to improve America’s cyber security

Cyber attacks have grown to become one of the most-important issues in the United States, with both corporations and government agencies suffering from them in...
Avatar of Brian Molidor Brian Molidor
Feb 10, 2016 58 sec read

A hacker managed to steal information from the DHS…

Motherboard reported on Sunday that a hacker managed to get their hands on the personal information of about 30,000 employees for the DHS and FBI,...
Avatar of Alfie Joshua Alfie Joshua
Feb 9, 2016 1 min read

The Java plug-in is finally going to meet its…

It’s been more than two decades since Oracle decided to start plaguing web browsers with its Java plug-in, but it looks like it’s time for Oracle...
Avatar of Chastity Mansfield Chastity Mansfield
Jan 28, 2016 58 sec read

Leave a Reply

Your email address will not be published. Required fields are marked *