A new piece of malware has been found on Twitch that has the potential to wipe the user's Steam wallet and hijack their inventory.
The scam starts with an invitation to a raffle. When the user inputs their name and email, the malware begins doing its dirty work, adding new friends to the user's friends list, and buying and selling items.
Twitch support acknowledged the malware in a tweet sent a few days ago, warning users specifically to avoid the “csgoprize” link in chat, which is how the malware infects your computer.
Roy Tobin, a Threat Researcher at Webroot, said it was common for popular sites to be targeted in this way.
“There are so many popular social platforms for cyber-criminals to choose from and an easy way for them to target naïve users is to create themed scams,” he explained. “We have seen a number of these types of droppers lately but not in huge numbers; however any type of popular media site will eventually be hit in this way.”
Roy Tobin said that a few simple steps would help protect users in general.
“If something looks too good to be true, it usually is,” he said. “It all comes back to user education, not clicking on links and not executing unknown files. We have seen similar infection routes with embedded comments on YouTube videos and even Facebook comments. Since they originate on known sites, people can be lured into a false sense of security.”
But come on guys and girls — you are all way too smart to get sucked into this kind of malware, right?
OH LOOK I JUST WON A $1 MILLION! All I have to do is click this link…
Comments
8 responses to “Warning: Malware Bug Found In Twitch Hijacks Steam Accounts”
Ahem, where is said link for Million dollars?
They’re getting smarter. A raffle’s more convincing than a distant uncle dying.
So if I understand it right, there is no actual vulnerability in Twitch itself, but rather some people or bots are posting links in the stream chat that send people to web sites that try to exploit your browser?
Expanding on this, the article mentions that the user enters their “name and email”. Since it doesn’t mention downloading/installing applications or clicking any steam:// links, I assume they meant email and password instead?
Here is an article that explains how it works: http://www.f-secure.com/weblog/archives/00002742.html
From the article:
The link provided by the Twitch-bot leads to a Java program which asks for the participant’s name, e-mail address and permission to publish winner’s name, but in reality, it doesn’t store those anywhere.… the malware proceeds to dropping a Windows binary file and executing it to perform these commands:
• Take screenshots
• Add new friends in Steam
• Accept pending friend requests in Steam
• Initiate trading with new friends in Steam
• Buy items, if user has money
• Send a trade offer
• Accept pending trade transactions
• Sell items with a discount in the market
While some scams are easy to spot, there are a bunch that I get every so often that are very difficult because they just use the standard messages sent by legitimate companies and tweak the URLs. A lot of the time you can usually pick it because it won’t make sense as to why you received it (Especially if it’s a bank I’m not with), though sometimes it feels so legit the only way you can tell is to check the URLs. Even then, I almost fell prey to one because the link was almost exactly the same as the proper one, except two letters were reversed so it took me several minutes to spot the scam.
And sometimes they don’t even try, like the almost constant barrage of “RETURN TO AZEROTH/WORLD OF WARCRAFT” emails I get…
Not only is the body of the email full of broken images and horribly broken English, but if you look at the URL, rather than just the display text, it’s typically something like wow-battle-net-warcraft.ru (I don’t know if the Kotaku forums will pick that up as an actual link, but don’t click it if it does… who knows where it will resolve to…) rather than the official battle.net site.
I generally go with the rule of “If it’s sent by a company I don’t know OR it has simple spelling and grammatical mistakes, don’t open it or download anything from it.”
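The two URL checks described in the comments above (a domain with two letters reversed, and a brand name embedded in an unrelated domain), as an added example that is not part of the original article or its comments. The allow-list, the `example-bank.com` entry and the function names are assumptions for illustration, and the last-two-labels shortcut stands in for a Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Assumption: allow-list of official domains. battle.net is named in the
# comments above; example-bank.com is a constructed placeholder.
OFFICIAL = ("battle.net", "example-bank.com")

def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]

def classify(url):
    """Return 'official', 'lookalike', 'brand-embedded' or 'unknown'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as a netloc
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == dom or host.endswith("." + dom) for dom in OFFICIAL):
        return "official"
    # Assumption: registered domain = last two labels. Production code
    # should consult the Public Suffix List instead.
    registered = ".".join(host.split(".")[-2:])
    if any(osa_distance(registered, dom) == 1 for dom in OFFICIAL):
        return "lookalike"  # one typo or one swapped pair away
    # Brand written with hyphens or as leading labels of another domain,
    # e.g. "battle-net" inside the host, or battle.net.<other>.<tld>.
    flat = host.replace(".", "-")
    if any(dom.replace(".", "-") in flat for dom in OFFICIAL):
        return "brand-embedded"
    return "unknown"

if __name__ == "__main__":
    # Constructed samples, except the .ru host quoted in the comments.
    for u in ("https://us.battle.net/account", "http://battel.net/login",
              "wow-battle-net-warcraft.ru", "https://example.org/"):
        print(f"{classify(u):15} {u}")
```

The check runs on the link's actual destination, not its display text, which is the distinction the comment about the .ru address draws.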